Vulnerabilities Probed During IIA Network Scanning

Each entry below gives the name of the check as reported by the scanner, a description of the problem, the recommended fix, and the associated CVE identifier(s) where one exists.
Open Recursive DNS Server Typically, DNS servers provide recursive DNS service only to machines within a trusted network. A server with this vulnerability provides recursive DNS service to any host on the Internet. Restricting recursion to trusted clients, and not returning additional delegation records to untrusted ones, helps prevent DNS-based denial-of-service attacks and cache poisoning. It also keeps your DNS servers from being used as reflectors (amplifiers) in such attacks, which reduces the load they place on your network.

Fix:Restrict recursion to your own address ranges (for example with the allow-recursion option in BIND's named.conf), or disable recursion entirely on servers that should only be authoritative. See The Continuing Denial of Service Threat Posed by DNS Recursion (US-CERT) for more information.
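The following is an added, self-contained illustration of the check described above; it is example code written for this page, not code from the original ITSS page or from the Retina scanner. It builds a recursion-desired query for a name the scanned server is assumed not to be authoritative for (example.com is an assumption), decodes the response header, and classifies the server. The wire-format responses at the bottom are hand-constructed for offline testing, not captured traffic; probe() performs the live UDP query.

```python
import socket
import struct

TXID = 0x1234
PROBE_NAME = "example.com"   # assumption: a name the scanned server is NOT authoritative for


def build_query(name: str, txid: int = TXID) -> bytes:
    """DNS A/IN query with the RD (recursion desired) bit set, as a scanner would send it."""
    flags = 0x0100                                      # QR=0, OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)    # QTYPE=A, QCLASS=IN


def classify_response(resp: bytes, txid: int = TXID) -> dict:
    """Decode the response header and decide whether the server recursed for us.

    An open recursive server answers (RCODE 0, ANCOUNT > 0) with RA set and AA clear.
    A properly restricted server typically returns REFUSED (RCODE 5) or answers with
    RA clear and no answer records. An authoritative answer (AA set) is not recursion,
    so it must not be counted as a finding."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    rid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch: expected %#x, got %#x" % (txid, rid))
    qr = bool(flags & 0x8000)
    aa = bool(flags & 0x0400)
    ra = bool(flags & 0x0080)
    rcode = flags & 0x000F
    return {
        "ra": ra,
        "aa": aa,
        "rcode": rcode,
        "answers": ancount,
        "open_recursive": bool(qr and ra and not aa and rcode == 0 and ancount > 0),
    }


def probe(server: str, name: str = PROBE_NAME, timeout: float = 3.0) -> dict:
    """Live check against a nameserver on UDP/53 (not exercised by the samples below)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    return classify_response(data)


def _sample_response(flags: int, with_answer: bool) -> bytes:
    """Constructed wire-format responses for offline testing (not captured traffic)."""
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b""
    if with_answer:
        # compression pointer to the question name at offset 12, TYPE A, CLASS IN,
        # TTL 3600, RDLENGTH 4, RDATA 192.0.2.1 (documentation address)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
    header = struct.pack("!HHHHHH", TXID, flags, 1, 1 if with_answer else 0, 0, 0)
    return header + question + answer


OPEN_RESOLVER_RESPONSE = _sample_response(0x8180, True)    # QR RD RA, NOERROR, one answer
REFUSED_RESPONSE = _sample_response(0x8105, False)         # QR RD, RCODE=5 (REFUSED)
AUTHORITATIVE_RESPONSE = _sample_response(0x8500, True)    # QR AA RD, RA clear: not recursion

if __name__ == "__main__":
    import sys
    for label, sample in (("open resolver", OPEN_RESOLVER_RESPONSE),
                          ("refused", REFUSED_RESPONSE),
                          ("authoritative", AUTHORITATIVE_RESPONSE)):
        print(label, classify_response(sample))
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
```

A properly restricted server (for example BIND with allow-recursion limited to your own networks) returns REFUSED or clears RA; an authoritative answer with AA set is not evidence of open recursion, which is why the classification insists on AA being clear. Probing with a name the server is authoritative for will therefore never produce a finding, and probing a server that forwards to an open resolver will.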

CGI - AnyForm2 The file /cgi-bin/AnyForm2 can be used by an attacker to email your web server's password file back to the attacker.

Fix:If you do not use the AnyForm2 CGI script it is recommended that you remove it or upgrade to the latest version.

CVE-1999-0066
CGI - Count The file /cgi-bin/Count.cgi contains two buffer overflows which allow a remote attacker to execute commands on your web server.

Fix:If you do not use the Count.cgi it is recommended that you remove it or upgrade to the latest version.

CVE-1999-0021
CGI - Faxsurvey The file /cgi-bin/faxsurvey can be used by an attacker to view files on your system and also possibly spawn a shell remotely.

Fix:If you do not use the Faxsurvey cgi script it is recommended that you remove it or upgrade to the latest version.

CVE-1999-0262
CGI - JJ The file /cgi-bin/jj can be used by an attacker to view files on your system and also possibly spawn a shell remotely.

Fix:If you do not use the JJ CGI script it is recommended that you remove it.

CVE-1999-0260
CGI - Man.sh file viewing and command execution vulnerability The file /cgi-bin/man.sh can be used by an attacker to view files on your system and may also allow commands to be executed remotely.

Fix:Remove /cgi-bin/man.sh.

CVE-1999-1179
CGI - Phf The file /cgi-bin/phf can be used to remotely view any file your web server has permissions to view.

Fix:If you do not use the phf CGI script it is recommended that you remove it.

CVE-1999-0067
CGI - Test-Cgi The file /cgi-bin/test-cgi allows a remote attacker to list files on your web server. This information could be used to determine what type of software you have installed and might possibly be vulnerable to attack.

Fix:Remove the /cgi-bin/test-cgi file from your web server.

CVE-1999-0070
CGI - Textcounter The file /cgi-bin/textcounter.pl can be used by an attacker to execute commands on your server with the same rights as the http daemon.

Fix:If you do not use the Textcounter cgi script it is recommended that you remove it or upgrade to the latest version.

CGI - Uploader.exe The file /cgi-win/uploader.exe can be used by a remote attacker to upload files to your web server and in some cases replace your web page.

Fix:Remove /cgi-win/uploader.exe as it is a sample file.

CVE-2000-0769
CGI - Webdist The file /cgi-bin/webdist.cgi can be used by an attacker to view files on your system and also possibly spawn a shell remotely.

Fix:If you do not use the Webdist cgi script it is recommended that you remove it or upgrade to the latest version.

CVE-1999-0039
Anonymous Write Allowing anonymous FTP users to write to your server's disk is not recommended, as it can lead to the compromise of your system.

Fix:Follow your FTP server instructions on how to disable anonymous write access.

CVE-1999-0527
CVE-1999-0497
Serv-U FTP-Server 2.5 Remote Exploit Serv-U FTP-Server versions prior to 2.5i are vulnerable to a remote buffer overflow that can be exploited to gain access to the remote machine.

Fix:Update to the latest version of Serv-U.

CVE-2001-0054
War FTPD 1.65 Remote Exploit War FTPD 1.65 is vulnerable to a remote buffer overflow that can be exploited to gain access to the remote machine.

Fix:Update to the latest version of WarFTPd.

CVE-2000-0131
Windows 95/NT WarFTPd 1.67b2 and 1.70 Remote Exploit Windows 95/NT WarFTPd versions 1.67b2 and 1.70 are vulnerable to a remote buffer overflow that can be exploited to gain access to the remote machine.

Fix:Update to the latest version of WarFTPd.

CVE-2000-0044
WFTPD Remote Buffer Overflow Texas Imperial Software WFTPD versions 3.0 and earlier exhibit a buffer overflow vulnerability through which the remote attacker can crash the server, or possibly cause the execution of arbitrary code in its context, by submitting long MKD and CWD paths.

Fix:Upgrade to the most recent version of WFTPD to eliminate this and possibly other security vulnerabilities in the product.

CVE-1999-0950
WS FTP Server 1.0.2 WS_FTP Server 1.0.2 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access.

Fix:Upgrade to the current version of WS_FTP Server.

CVE-1999-0362
CMail 2.4 CMail 2.4 is vulnerable to a hole that will allow a remote attacker to execute arbitrary code on the target server.

Fix:Upgrade to the most current version of CMail.

CVE-1999-1521
IMail IMAP login buffer overflow vulnerability Ipswitch IMail 5.0 and earlier contains a buffer overflow vulnerability in its IMAP mail service's login process that can lead to the execution of arbitrary code. By supplying a long user name and/or password, a remote attacker can compromise the server.

Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product.

CVE-1999-1557
IMail LDAP Server 5.0 IMail LDAP Server 5.0 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access.

Fix:Upgrade to the current version of IMail.

CVE-1999-0385
Mail-Max Version 2.040 Remote Buffer Overflow Mail-Max Version 2.040 is vulnerable to a remote buffer overflow that can be exploited to gain access to the remote machine.

Fix:Upgrade to the latest version of Mail-Max.

CVE-1999-0404
Mercur IMAP4 Server 3.00.26 Mercur IMAP4 Server 3.00.26 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access.

Fix:Upgrade to the current version of Mercur.

CVE-2000-0198
Mercur POP3 Server 3.00.24 Mercur POP3 Server 3.00.24 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access.

Fix:Upgrade to the current version of Mercur.

CVE-2000-0198
QPOP 2.2 Remote Buffer Overflow QPOP 2.2 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

Fix:Upgrade to the latest version of QPOP.

QPOP 2.1.4-R3 Remote Buffer Overflow QPOP 2.1.4-R3 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

Fix:Upgrade to the latest version of QPOP.

QPOP 2.3 Remote Buffer Overflow QPOP 2.3 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

Fix:Upgrade to the latest version of QPOP.

QPOP 2.4 Remote Buffer Overflow QPOP 2.4 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

Fix:Upgrade to the latest version of QPOP.

CVE-1999-0006
QPOP 2.41beta1 Remote Buffer Overflow QPOP 2.41beta1 is vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

Fix:Upgrade to the latest version of QPOP.

Sendmail 5.5 Sendmail version 5.5 contains a hole that allows an attacker to remotely execute commands. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

CVE-1999-0095
Sendmail 5.61 Sendmail version 5.61 contains a hole that allows an attacker to remotely execute commands. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

Sendmail 5.65 Sendmail version 5.65 contains several backdoors that allow an attacker to remotely execute commands. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

Sendmail 5.65c Sendmail version 5.65c contains a bug that could allow an attacker to remotely execute commands. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

Sendmail 8.6.9 ident execute attack Sendmail version 8.6.9 contains a hole that allows an attacker to remotely execute commands at root level through ident functionality. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

CVE-1999-0204
Sendmail Daemon Mode Vulnerability A vulnerability in Sendmail 8.7.x through 8.8.2 allows local non-root users to run sendmail as root. By carefully configuring the environment a user can execute commands as root using this flaw. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrading to the most recent version of Sendmail will eliminate this and other flaws found in the past.

CVE-1999-0130
Sendmail 8.8.x HELO Buffer Overflow A buffer overflow in Sendmail 8.8.x occurs when handling large arguments to the SMTP HELO command. This vulnerability can be exploited to spoof email and possibly execute code on the remote system with a high degree of privilege. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

CVE-1999-0098
Sendmail 8.9.2 DoS Sendmail versions 8.8.8 through 8.9.2 contain several bugs that could allow an attacker to launch a DoS (Denial of Service) attack. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

CVE-1999-0393
SLMail 3.1 RAS File Access SLMail 3.1 and 3.2 contain multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access.

Fix:Upgrade to the current version of SLMail.

CVE-1999-0380
SMTP Relaying The targeted server is configured to allow SMTP mail relay. This could be abused by remote users (i.e. spammers, attackers) to send e-mail that appears to come from the targeted server's domain.

Fix:The best form of mitigation is to disable SMTP relaying following the guidance of the vendor manual or documentation. Alternatively, restrict SMTP server access to only allow mail relaying from authorized users or domains.

CVE-1999-0512
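An added example (not code from the original page) of the relay probe a scanner performs for the finding above, run here against a scripted SMTP server on loopback so that both sides of the exchange can be seen offline. The scripted server, the domain mail.example.edu and both test addresses are constructed for this example.

```python
import smtplib
import socket
import threading

LOCAL_DOMAIN = "mail.example.edu"   # assumption: the domain the target server accepts mail for


class FakeSMTPServer(threading.Thread):
    """Scripted SMTP server (constructed for this example) that answers one connection.

    With open_relay=True it accepts any recipient; otherwise it accepts only
    recipients in LOCAL_DOMAIN and rejects relaying with a 554."""

    def __init__(self, open_relay: bool):
        super().__init__(daemon=True)
        self.open_relay = open_relay
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))    # port 0: let the OS pick a free port
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        self.transcript = []                 # both sides' messages, for inspection

    def run(self):
        conn, _ = self.sock.accept()
        reader = conn.makefile("rb")

        def send(reply: str):
            self.transcript.append("S: " + reply)
            conn.sendall(reply.encode("ascii") + b"\r\n")

        send("220 %s ESMTP ready" % LOCAL_DOMAIN)
        for raw in reader:
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            self.transcript.append("C: " + line)
            verb = line.split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                send("250 %s" % LOCAL_DOMAIN)
            elif verb == "MAIL":
                send("250 2.1.0 Ok")          # relay policy is decided at RCPT, not MAIL
            elif verb == "RCPT":
                rcpt = line.split(":", 1)[1].strip().strip("<>").lower()
                if rcpt.endswith("@" + LOCAL_DOMAIN) or self.open_relay:
                    send("250 2.1.5 Ok")
                else:
                    send("554 5.7.1 Relay access denied")
            elif verb == "RSET":
                send("250 2.0.0 Ok")
            elif verb == "QUIT":
                send("221 2.0.0 Bye")
                break
            else:
                send("502 5.5.2 Command not implemented")
        conn.close()
        self.sock.close()


def relay_test(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Probe for relaying the way a scanner does: external sender to external recipient.

    Only the envelope is offered; DATA is never sent, so no message is delivered."""
    sender = "relay-test@external.example"      # neither address belongs to the target
    recipient = "relay-test@other.example"
    with smtplib.SMTP(host, port, local_hostname="scanner.example", timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        smtp.mail(sender)
        code, message = smtp.rcpt(recipient)
        smtp.rset()                               # abandon the envelope before QUIT
    return {"rcpt_code": code,
            "rcpt_reply": message.decode("ascii", "replace"),
            "open_relay": code == 250}


def check_local_server(open_relay: bool) -> dict:
    """Start the scripted server with the given policy and run the probe against it."""
    server = FakeSMTPServer(open_relay)
    server.start()
    result = relay_test("127.0.0.1", server.port)
    server.join(timeout=5)
    result["transcript"] = server.transcript
    return result


if __name__ == "__main__":
    for policy in (True, False):
        result = check_local_server(policy)
        print("server open_relay=%s -> RCPT %d, verdict: %s" % (
            policy, result["rcpt_code"],
            "OPEN RELAY" if result["open_relay"] else "relaying refused"))
        print("\n".join(result["transcript"]))
```

Acceptance at RCPT TO is the usual scanner verdict, but some servers accept the recipient and only reject at DATA, or accept the message and discard it later, so confirm a positive result with a test message to an address you control before reporting it. The probe above is safe to point at a production server because it never sends DATA.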
Null Session A null session occurs when a client connects to the IPC$ (inter-process communication) share with a blank username and a blank password. Through a null session an attacker can enumerate user names, shares, and other potentially sensitive information. Note: If you have run this Retina scan with Administrator-level access to your network then you will always be able to create a session to IPC$, so this finding is a false positive and not a vulnerability.

Fix:Important: Test the following configuration changes carefully before deploying them to production systems, especially on domain controllers and in other environments where anonymous access may be in legitimate use.

Open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key, then perform the steps appropriate to the system's version of Windows.

On Windows NT 4.0:

  • Create or modify the RestrictAnonymous registry value (type REG_DWORD) to contain a value of 1. A reboot is required for this change to take effect.
  • This vulnerability cannot be fully mitigated on Windows NT 4.0: this setting only prevents user and share enumeration. Further null session restriction is possible starting with Windows 2000.

On Windows 2000:

  • Create or modify the RestrictAnonymous registry value (type REG_DWORD) to contain a value of 2. This setting takes effect immediately, although existing null sessions are not affected.
  • A value of 2 does not allow a null session to be established.

On Windows XP and Windows Server 2003:

  • Create or modify the RestrictAnonymous registry value (type REG_DWORD) to contain a value of 1.
  • Create or modify the RestrictAnonymousSAM registry value (type REG_DWORD) to contain a value of 1.
  • Create or modify the EveryoneIncludesAnonymous registry value (type REG_DWORD) to contain a value of 0.
  • A reboot is required for these changes to take effect.

UNIX/Linux systems with Samba:
Refer to the Samba documentation for restricting anonymous access.

CVE-2000-1200
Anonymous Registry Remote access to the server's registry is granted anonymously. This is a very serious vulnerability that can lead to an attacker remotely compromising your machine.

Fix:Set the security permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg to the following:

  • Administrators: Full Control
  • Backup Operators: Read (QENR)
  • Local Service: Read (QENR)

CVE-1999-0562
NetBus backdoor A backdoor is a program an attacker places on a machine in order to gain access to its resources at a later date.

Fix:If NetBus is not authorized then it is recommended that you remove it.
Locate and delete the following registry value:
Hive: HKEY_LOCAL_MACHINE
Path: Software\Microsoft\Windows\CurrentVersion\Run
Value: SysEdit
Reboot your computer.
Do a file search for sysedit.exe and keyhook.dll and delete them.

CVE-1999-0660
Outdated SSH You are running a version of SSHd that is outdated. A number of cryptographic weaknesses exist in SSH protocol versions prior to 1.3, and most implementations contain additional serious security vulnerabilities.

Fix:Upgrade to the latest version of the SSH service, and disable SSH protocol version 1 entirely in favor of protocol version 2.

Open NFS Share It is recommended that you close this NFS export. An attacker could probably mount it and read files on this partition. You can close this export by limiting the systems that are allowed to mount it or by removing it completely.

Fix:Follow your NFS server instructions on how to remove or restrict an NFS export.

CVE-1999-0554
IMail IMonitor buffer overflow vulnerability Ipswitch IMail 5.0 and earlier exhibits a buffer overflow in its IMonitor service (typically port 8181) through which a remote attacker can crash the server or cause it to execute malicious code by sending a long string of 2045 or more characters.

Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product.

CVE-1999-1046
IMail web service buffer overflow vulnerability Ipswitch IMail 5.0 and earlier is susceptible to a buffer overflow in its web service (typically port 8383) that a remote attacker can exploit to cause the execution of arbitrary code on the host.

Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product.

CVE-1999-1551
Mercur Control Service 3.00.21 Mercur Control Service 3.00.21 contains multiple buffer overflows. A remote attacker could use these remote overflows to execute commands on your server with NT SYSTEM level access.

Fix:Upgrade to the current version of Mercur.

CVE-2000-0198
Cold Fusion - Display Open File The example ColdFusion file displayopenedfile.cfm can be used by a remote attacker to upload files to your web server. If a remote attacker were to upload a ColdFusion page they could possibly browse directories on the server as well as upload, download and delete files.

Fix:It is recommended to remove all sample ColdFusion files from your web server. Refer to the referenced Allaire Security Bulletin.

CVE-1999-0477
Cold Fusion - ExprCalc The example ColdFusion file exprcalc.cfm can be used by a remote attacker to view files on your web server, possibly leading to your server being compromised.

Fix:It is recommended to remove all sample ColdFusion files from your web server. Refer to the referenced Allaire Security Bulletin.

CVE-1999-0455
Cold Fusion - Open File The example ColdFusion file openfile.cfm can be used by a remote attacker to upload files to your web server. If a remote attacker were to upload a ColdFusion page they could possibly browse directories on the server as well as upload, download and delete files.

Fix:It is recommended to remove all sample ColdFusion files from your web server. Refer to the referenced Allaire Security Bulletin.

CVE-1999-0477
FrontPage Password File - Authors.pwd The authors.pwd file contains FrontPage user names and hashed passwords. A remote attacker can download this password file and run it through a password-cracking program. Once they have cracked a valid login they can proceed to gain remote access to your system.

Fix:Upgrade to the latest version of the FrontPage Server Extensions and ensure that the _vti_pvt directory holding these files is not readable through the web server.

FrontPage Password File - Service.pwd The service.pwd file contains FrontPage user names and hashed passwords. A remote attacker can download this password file and run it through a password-cracking program. Once they have cracked a valid login they can proceed to gain remote access to your system.

Fix:Upgrade to the latest version of the FrontPage Server Extensions and ensure that the _vti_pvt directory holding these files is not readable through the web server.

FrontPage Password File - Users.pwd The users.pwd file contains FrontPage user names and hashed passwords. A remote attacker can download this password file and run it through a password-cracking program. Once they have cracked a valid login they can proceed to gain remote access to your system.

Fix:Upgrade to the latest version of the FrontPage Server Extensions and ensure that the _vti_pvt directory holding these files is not readable through the web server.

Malformed HTR Request - NT4 A vulnerability in IIS involves an unchecked buffer in the ISAPI filter DLLs that handle the .HTR, .STM and .IDC file types. An attacker can overflow these ISAPI filters and remotely execute code as SYSTEM.

Fix:Install the Microsoft supplied fix. If .HTR, .STM or .IDC processing is not needed, remove those application mappings from IIS as well.

CVE-1999-0874
MSADC - ShowCode The file /msadc/Samples/SELECTOR/showcode.asp can be used by an attacker to remotely view any file on your web server.

Fix:It is recommended that you remove the folders C:\Program Files\Common Files\System\msadc\Samples and Samples11.

CVE-1999-0736
Sambar Web Server batch CGI vulnerability Sambar Technologies Sambar Web Server 4.2 beta 7 and earlier is vulnerable to arbitrary command execution through the use of shell metacharacters in parameters to batch files in the cgi-bin directory, such as the default hello.bat and echo.bat files.

Fix:Remove the hello.bat and echo.bat batch files from the cgi-bin directory, and prevent users from uploading to that location as well.

CVE-2000-0213
CGI - ColdFusion Default application evaluation vulnerability This ColdFusion script allows an attacker to evaluate chunks of CF code, possibly leading to a denial of service (DoS).

Fix:Customers who are running ColdFusion 4.0 should install the ColdFusion 4.0.1 maintenance release on all of their installations of ColdFusion Server 4.0. Customers running other versions of ColdFusion or customers who have upgraded to 4.0.1 should completely remove the CFDOCS directory on production servers and restrict access to it on developer workstations.

CVE-1999-0923
CGI - ColdFusion Example application content add This ColdFusion sample application may allow an attacker to create custom ColdFusion scripts on the server.

Fix:Customers who are running ColdFusion 4.0 should install the ColdFusion 4.0.1 maintenance release on all of their installations of ColdFusion Server 4.0. Customers running other versions of ColdFusion or customers who have upgraded to 4.0.1 should completely remove the CFDOCS directory on production servers and restrict access to it on developer workstations.

CGI - ColdFusion Example application This example application may allow an attacker access to the ColdFusion server.

Fix:Customers who are running ColdFusion 4.0 should install the ColdFusion 4.0.1 maintenance release on all of their installations of ColdFusion Server 4.0. Customers running other versions of ColdFusion or customers who have upgraded to 4.0.1 should completely remove the CFDOCS directory on production servers and restrict access to it on developer workstations.

CVE-2000-0189
CGI - ColdFusion Example application 2 This application may allow an attacker access to the ColdFusion Server. Note: this audit may produce a false positive result when scanning web servers running BlueDragon.

Fix:Customers who are running ColdFusion 4.0 should install the ColdFusion 4.0.1 maintenance release on all of their installations of ColdFusion Server 4.0. Customers running other versions of ColdFusion or customers who have upgraded to 4.0.1 should completely remove the CFDOCS directory on production servers and restrict access to it on developer workstations.

CVE-2000-0189
IIS Sample application - JET problem Due to a problem in the JET database driver, this sample file could allow an attacker to run arbitrary commands on your web server.

Fix:Remove all sample applications and upgrade your JET database engine to at least version 4.0.

IIS sample application - details This file may allow an attacker access to your server via a JET database issue.

Fix:Upgrade your MDAC components and remove ALL sample applications from production web servers.

IIS sample application - ctguestb The IIS sample applications contain numerous vulnerabilities.

Fix:Remove all sample applications installed on your web server.

NEWDSN Vulnerability The NEWDSN.exe program can be used to create files on an affected server.

Fix:Remove access to the /SCRIPTS/TOOLS directory on a production server.

CVE-1999-0191
IIS 3.0/4.0 MDAC RDS Remote Command Execution (MS99-025) The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.0 and 4.0 exposes unsafe methods, which can be exploited by remote attackers to execute arbitrary commands with SYSTEM level privileges. MDAC 1.5 and 2.0 are affected by this vulnerability. MDAC 2.1 is only affected when installed as an upgrade from a previous version. Note: This audit checks for the existence of the vulnerable component by querying the target HTTP server and could potentially produce false positives on patched systems.

Fix:Remove the /msadc directory and its IIS virtual mapping, and install MDAC 2.1 SP2 or newer.

CVE-1999-1011
ORA WebSite sample buffer overflow vulnerability There is a buffer overflow in the sample application win-c-sample.exe.

Fix:Remove win-c-sample.exe from your site.

CVE-1999-0178
Perl Execute Vulnerability - scripts The Perl interpreter has been found in the /scripts directory. An attacker can use this to execute arbitrary Perl code and compromise the server.

Fix:Remove the Perl interpreter from the web directory and install it in a path outside the web root.

CVE-1999-0509
Perl Execute Vulnerability - cgi-bin The Perl interpreter has been found in the /cgi-bin directory. An attacker can use this to execute arbitrary Perl code and compromise the server.

Fix:Remove the Perl interpreter from the web directory and install it in a path outside the web root.

CVE-1999-0509
rsh service The rsh service is running on the scanned system on TCP port 514. The rsh service relies on host-based trust (.rhosts and hosts.equiv) and is vulnerable to IP spoofing attacks: an attacker who can spoof a trusted host may be able to execute commands on your server. Note: the syslog daemon listens on UDP port 514, so this audit may produce a false positive result; confirm the finding by checking for a TCP listener on port 514 (for example with netstat) before acting on it.

Fix:We recommend disabling this service and migrating to a more secure alternative such as SSH. To disable the rsh service, comment out its entry (the "shell" service) in /etc/inetd.conf. After commenting out the entry, restart or signal the inetd daemon to ensure the rsh service has been disabled.

CVE-1999-0651
rlogin service The rlogin service is running on the scanned system on TCP port 513. It relies on the same host-based trust as rsh and is vulnerable to IP spoofing attacks, which may allow an attacker to execute commands on your server if they can spoof a trusted host.

Fix:We recommend disabling this service and migrating to a more secure alternative such as SSH. To disable the rlogin service, comment out its entry (the "login" service) in /etc/inetd.conf. After commenting out the entry, restart or signal the inetd daemon to ensure the rlogin service has been disabled.

    CVE-1999-0651
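An added example (not code from the original page) of the inetd.conf change the rsh and rlogin fixes above describe: it reports which Berkeley r-services are enabled and returns a copy of the file with their entries commented out. The sample inetd.conf is constructed for this example and is not taken from a real host.

```python
# The Berkeley r-services as named in /etc/services: rsh (shell, 514/tcp),
# rlogin (login, 513/tcp) and rexec (exec, 512/tcp).
R_SERVICES = {"shell": "rsh", "login": "rlogin", "exec": "rexec"}

# Constructed sample with rsh and rlogin enabled and rexec already commented out.
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf (constructed sample, not a real host's file)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rexecd
"""


def _active_service(line: str):
    """Return the service name of an active (non-blank, non-comment) inetd.conf line."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    return stripped.split()[0]


def enabled_r_services(conf: str) -> list:
    """Names of the r-services that inetd would start, in file order."""
    found = []
    for line in conf.splitlines():
        service = _active_service(line)
        if service in R_SERVICES:
            found.append(R_SERVICES[service])
    return found


def disable_r_services(conf: str) -> str:
    """Return the configuration with every active r-service entry commented out.

    Other lines are returned untouched so the file can be diffed before installing."""
    out = []
    for line in conf.splitlines():
        if _active_service(line) in R_SERVICES:
            out.append("#" + line)
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INETD_CONF
    print("enabled r-services:", enabled_r_services(text) or "none")
    print(disable_r_services(text), end="")
```

After writing the file back, send inetd a HUP signal (kill -HUP on its process id) or restart it so that it re-reads the configuration, then re-check with netstat that nothing is listening on TCP 512, 513 or 514. On systems using xinetd the services are configured as separate files under /etc/xinetd.d, which this parser does not handle.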
Sendmail 8.7.5 and lower resource depletion There is a resource depletion vulnerability in Sendmail versions prior to 8.7.6. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

CVE-1999-0131
Sendmail ETRN DoS This version of Sendmail has a bug that may allow a remote user to cause the server to consume large amounts of resources by sending many ETRN commands to it, resulting in a denial of service condition. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

CVE-1999-1109
Sendmail mail.local vulnerability This version of Sendmail ships a mail.local with a bug that allows a remote or local user to freeze Sendmail delivery or corrupt mailboxes. The problem exists in the LMTP handling of mail.local and requires that mail.local be used as the default local mail delivery agent. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail.

CVE-2000-0319
SLMail 3.0 MAIL FROM buffer overflow A buffer overflow in SLMail versions 3.0.2421 and earlier can be exploited by supplying a carefully crafted argument to the "MAIL FROM:" SMTP command. This vulnerability can be exploited remotely to gain SYSTEM access on any vulnerable mail server running SLMail.

Fix:Upgrade to the most recent version of SLMail to eliminate this and other vulnerabilities previously discovered in SLMail.

CVE-1999-0102
CMail 2.4.7 Web Interface Buffer Overflow CMail 2.4.7 is vulnerable to a hole that will allow a remote attacker to execute arbitrary code on the target server.

Fix:Upgrade to the current version of CMail.

CVE-2000-0557
IMail POP3 buffer overflow vulnerability Ipswitch IMail 5.07 and earlier are susceptible to a buffer overflow in the POP3 mail service that can be triggered by sending a user name between 200 and 500 characters long. A remote attacker can exploit this vulnerability to execute malicious code.

Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product.

AnalogX SimpleServer:WWW GET overflow A buffer overflow exists in AnalogX SimpleServer:WWW version 1.01. This overflow could allow an attacker to run commands with the privileges of the web server.

Fix:Upgrade to the most current version of SimpleServer:WWW.

CVE-2000-0011
aVirt Mail Server Directory Creation Vulnerability This version of aVirt Mail Server contains a remotely exploitable problem with handling paths in the RCPT TO field.

Fix:Upgrade to the current version of aVirt Mail Server.

aVirt POP Server Buffer Overflow Vulnerability This version of aVirt Mail Server contains a remotely exploitable buffer overflow in the RCPT TO field.

Fix:Upgrade to the current version of aVirt Mail Server.

RPC rexd non-root command execution The rexd RPC service (rpc.rexd) has been known to contain holes that allow a remote attacker to run commands as a non-root user on the remote server. Note: This audit may produce a false positive result, as it detects the presence of the RPC service, not the version installed.

Fix:Upgrade to the current version of rexd from your vendor, or, if this service is unnecessary, disable it following your vendor's directions.

CVE-1999-0627
RPC sadmind overflow The sadmind RPC service has been known to contain holes that allow a remote attacker to run code as root on the remote server due to an unchecked buffer condition. Note: This audit may produce a false positive result, as it detects the presence of the RPC service, not the version installed.

Fix:Apply your vendor's patches for sadmind or upgrade to the current version, or, if this service is unnecessary, disable it following your vendor's directions.

CVE-2003-0722
CVE-1999-0977
SGI infosrch.cgi vulnerability The /cgi-bin/infosrch.cgi script allows an attacker to execute commands by passing shell metacharacters. The commands execute at the privilege level of the web server.

Fix:SGI recommends removing execute permission for non-root users from this program, or removing the program if it is not used.

CVE-2000-0207
ORA WebSite uploader attack The /cgi-win/uploader.exe file could allow an attacker to send a file to your cgi-win directory and execute it.

Fix:Remove uploader.exe from your site, or upgrade to at least version 2.0 of WebSite.

CVE-1999-0177
CGI - Extropia Guestbook vulnerability The file /cgi-bin/guestbook.cgi can be used by an attacker to remotely upload and execute code if server-side includes (SSI) are enabled. This vulnerability affects Extropia/Selena Sol's guestbook.cgi and requires SSI to be on.

Fix:Disable SSI or upgrade to a newer version of the script from the Extropia website.

CVE-1999-0237
CGI - Excite Search The file /cgi-bin/search.cgi installed by Excite for Web Servers 1.1 can be used by an attacker to execute commands on the remote host by providing a specially crafted search term.

Fix:Upgrade to the latest Excite search engine, available from Excite.

CVE-1999-0279
CGI - w3-msql multiple overflow vulnerability The file /cgi-bin/w3-msql, installed by mini-SQL (mSQL) as a web interface to the database, contains numerous buffer overflows, allowing an attacker to execute code in the web server's context.

Fix:It is recommended that you do not use this CGI program, and look for this functionality in a better supported system.

CVE-2000-0012
Sendmail Invalid MAIL/RCPT Vulnerability Sendmail versions prior to 8.6.12 contain bugs that could allow a remote user to execute commands as root via parsing failures in message header handling. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrade to the current version of Sendmail to eliminate this and other vulnerabilities discovered in the past.

CVE-1999-0203
Sendmail 8.8.1 MIME remote root overflow Sendmail versions 8.8.0 and 8.8.1 are vulnerable to a buffer overflow in the MIME processing code. This vulnerability can be exploited to gain remote root access to a vulnerable machine. This vulnerability is unrelated to CVE-1999-0047. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

Fix:Upgrading to the most recent version of Sendmail will eliminate this and other flaws discovered in the past.

    CVE-1999-0206
    Zope DHTML Editing Attack Zope 2.2.0 through 2.2.4 all contain a bug that could allow an attacker to register a new Zope object with DHTML entities. This new object could be used to attack the server by executing code.

    Fix:Upgrade to the current version of Zope.

    CVE-2000-0062
    Zope Role Access Attack Zope 2.2.0 through 2.2.4 all contain a local bug that could allow a local attacker to create a hostile operating environment for Zope that could be used to elevate the user's privileges.

    Fix:Upgrade to the current version of Zope.

    CVE-2000-0725
    CVE-2001-0128
    QPOP pop_msg remote overflow QPOP 3.0 and 3.0b20 are vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

    Fix:Upgrade to the latest version of QPOP.

    CVE-1999-0822
    QPOP LIST remote buffer overflow QPOP 3.0 and 3.0 betas under 30 are vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

    Fix:Upgrade to the latest version of QPOP.

    CVE-2000-0096
    QPOP fgets remote buffer overflow QPOP 3.0 and 2.53 are vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

    Fix:Upgrade to the latest version of QPOP.

    CVE-2000-0320
    QPOP EUIDL remote overflow QPOP 2.52 and 2.53 are vulnerable to a remote buffer overflow that can be exploited to gain root level access to the remote machine.

    Fix:Upgrade to the latest version of QPOP.

    CVE-2000-0442
    Serv-U FTP-Server SITE PASS DoS Serv-U FTP-Server version v2.5a is vulnerable to a bug in handling long SITE PASS command arguments that can be exploited to crash the Serv-U process on the remote machine.

    Fix:Update to the latest version of Serv-U.

    CVE-1999-0838
    Serv-U FTP-Server Brute Force Vulnerability Serv-U FTP-Server versions v2.5.X are vulnerable to a bug that allows unrestricted brute forcing of usernames and passwords.

    Fix:Update to the latest version of Serv-U.

    CVE-2000-1033
    OmniHTTPd statsconfig.pl command execution Omnicron Technology Corporation OmniHTTPd 2.07 and earlier exhibits a command injection vulnerability in the included statsconfig.pl script that could allow the web server to be compromised.

    Fix:Upgrade to the most current version of OmniHTTPd to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0113
    CGI - register.cgi - Ikonboard Ikonboard 2.1.7b contains a vulnerability in its register.cgi (/cgi-bin/register.cgi) script. Poor input checking could allow a remote attacker the ability to execute commands in the privilege context of the web server.

    Fix:Upgrade to the latest version of Ikonboard, or remove it if it is not in use.

    CGI - simplestguest.cgi - Tammie's Husband simplestguest.cgi version 2 from Tammie's Husband (/cgi-bin/simplestguest.cgi) contains a vulnerability in handling user input. This script allows a remote attacker to execute commands on the remote system in the privilege context of the web server.

    Fix:Upgrade to the latest version of simplestguest.cgi, or remove it if it is not in use.

    CVE-2001-0022
    CGI - simplestmail.cgi - Tammie's Husband simplestmail.cgi from Tammie's Husband (/cgi-bin/simplestmail.cgi) contains a vulnerability in handling user input. This script allows a remote attacker to execute commands on the remote system in the privilege context of the web server.

    Fix:Upgrade to the latest version of simplestmail.cgi, or remove it if it is not in use.

    CVE-2001-0024
    Lotus Domino SMTP 5.04 buffer overflow A buffer overflow has been found in Lotus Domino Release 5.0 through 5.0.4. Using this vulnerability a remote attacker can gain a high degree of access.

    Fix:Upgrading to Lotus Domino Release 5.0.5 will correct this problem.

    CVE-2000-1047
    NCSA 1.3 overflow A vulnerability exists in NCSA version 1.3 and earlier that allows remote attackers to achieve root privileges due to a buffer overflow.

    Fix:Upgrade NCSA to a more recent version to correct this and various other vulnerabilities found since then.

    CVE-1999-0267
    Enterprise 3.6p2 accept overflow A buffer overflow exists in the mechanism that parses the "Accept" HTTP header. This vulnerability allows a remote attacker to gain a high degree of access to the system running Netscape Enterprise 3.6sp2.

    Fix:Upgrading to Netscape Enterprise SP3 will correct this problem.

    CVE-1999-0751
    thttpd if-modified-since overflow A buffer overflow was discovered in thttpd version 2.04 that would permit any remote attacker to gain access to the machine that thttpd is installed on. Earlier versions are most likely affected also.

    Fix:Upgrading to the most recent version of thttpd will correct this problem.

    CVE-2000-0359
    WebReflex 1.55 GET overflow A buffer overflow vulnerability exists in WebReflex 1.55. Sending a request to the server with a very large filename will trigger a buffer overflow, causing the server to crash.

    Fix:We are unaware of any current solution to this problem. As the vendor appears to no longer support this application, you should either discontinue use or replace it with a supported application.

    CVE-2001-0298
    BFTPD SITE CHOWN buffer overflow vulnerability Max-Wilhelm Bruker BFTPD 1.0.13 and earlier is prone to a buffer overflow when handling a SITE CHOWN command with a long user/group parameter. A remote attacker could exploit this vulnerability to execute code on the host machine in the server context.

    Fix:Upgrade to the most current version of BFTPD to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-0065
    CVE-2000-0943
    Solaris ftpd glob heap overflow The Solaris ftp daemon contains a heap-based buffer overflow condition. The problem exists when handling directory alias related characters such as '~', which refers to a user's home directory.

    Fix:We recommend downloading a patch from your vendor when available. If no patch is available either disable this service or use a more secure alternative.

    CVE-2001-0249
    Solaris in.ftp Core Dump Password Disclosure - FTP Banner A remote attacker can cause the Solaris FTP server to crash during authentication, thereby leaving a core dump file in the root directory containing encrypted password entries from the /etc/shadow file.

    Fix:Install vendor supplied patch:

    x86 Platforms:

  • Solaris 8: 111607-01 or newer.
  • Solaris 7: 110647-02 or newer.

    SPARC Platforms:

  • Solaris 8: 111606-01 or newer.
  • Solaris 7: 110646-02 or newer.

    CVE-2001-0421
    IMAP - University of WA 12.264 overflow Vulnerabilities have been found in the COPY, LSUB, RENAME and FIND commands that could allow any attacker with a valid username/password combination to gain command shell access to the server where IMAPD is answering requests.

    Fix:Upgrading to the latest version of IMAP will correct this as well as other vulnerabilities found in IMAP.

    CVE-2000-0284
    IMAPD authenticate overflow A vulnerability discovered in University of Washington's IMAP Server 10.234 allows any attacker remote root access to any system where 10.234 or below is installed. The problem lies in incorrect bounds checking of a buffer passed in during authentication.

    Fix:Upgrading to the latest version will correct this and various other security flaws.

    CVE-1999-0005
    RPC fam buffer overflow Several buffer overflows have been found in the fam service that could allow a remote root compromise. Note: This audit may produce a false positive result, as it detects the presence of the RPC service, not the version installed.

    Fix:We recommend disabling this service if you are not currently using it.

    CVE-1999-0059
    RPC rpc.nisd service The rpc.nisd service is running. Several versions of the NIS (Yellow Pages) service contain various buffer overflow vulnerabilities that arise when the nisd service attempts to interpret large NIS arguments over an RPC based connection. Note: This audit may produce a false positive result, as it detects the presence of the RPC service, not the version installed.

    Fix:We recommend moving to a more secure alternative due to the number of security holes found in NIS implementations in the past. If you would like to keep this NIS server in operation, we recommend verifying that you have the most current version available for this operating system and that all appropriate patches are installed.

    CVE-1999-0008
    RPC selection session sniffing A vulnerability exists in the SunView selection service that allows a remote attacker to remotely sniff data related to SunView sessions.

    Fix:We recommend you disable this service if you are not currently using it.

    IIS 5.0 IPP ISAPI Host overflow Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approximately 420 bytes in the 'Host:' field will allow the execution of arbitrary code on unpatched Windows 2000 IIS 5.0 web servers.

    Fix:A patch is available from Microsoft to fix this vulnerability. We also recommend removing the .printer ISAPI filter if it is not needed.

    CVE-2001-0241
    IIS5 Translate Source Disclosure An attacker can view the source code of your ASP files by sending a carefully crafted URL containing the Translate: header field. This can lead to an attacker learning about passwords and various other data that can lead to total system compromise.

    Fix:Microsoft has released a patch for this problem.

    CVE-2000-0778
    wu-ftpd V.2.4.2b18 long path overflow Wu-ftpd version wu-2.4.2-academ[BETA-18-VR9] and earlier contains a buffer overflow that could allow an attacker to remotely gain root access. The problem lies in wu-ftpd's handling of very long pathnames.

    Fix:Upgrade to the current version of wu-ftpd Server.

    CVE-1999-0368
    wu-ftpd v2.5.0 mapped_path overflow Wu-ftpd version 2.5.0 and earlier contains a buffer overflow that could allow an attacker to remotely gain root access. The vulnerability exists in the handling of the mapped_path variable and CWD.

    Fix:Upgrade to the current version of wu-ftpd Server.

    CVE-1999-0878
    wu-ftpd message file variable buffer overflow wu-ftpd versions prior to 2.6.0 are susceptible to a buffer overflow during the expansion of macro variables in a message file that may allow a remote attacker with an FTP account to cause the execution of arbitrary code on the host.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the software, or as a temporary partial workaround, remove macros from the message files.

    CVE-1999-0879
    wu-ftpd v2.5.0 SITE NEWER DoS A vulnerability exists in wu-ftpd 2.5.0 and earlier that allows a remote attacker to initiate a denial of service attack against the remote server running wu-ftpd. After being attacked, wu-ftpd will consume a very large amount of the system's memory.

    Fix:Upgrading to the latest version of wuftpd will correct this and other serious security vulnerabilities found in WU-FTPD 2.5.0.

    CVE-1999-0880
    wu-ftpd v2.6.0 conversion A vulnerability was found in wu-ftpd 2.6.0 and earlier that allows a remote attacker to gain root access to any wu-ftpd server that offers the conversion service. The attack works by uploading filenames with dashes that appear to be tar archives.

    Fix:Upgrading to the most recent version of wu-ftpd will correct this and other serious security vulnerabilities that have been found in 2.6.0.

    CVE-1999-0997
    wu-ftpd v2.6.0 SITE EXEC format Wu-ftpd version wu-2.6.0 and earlier contains a format string conversion vulnerability in its handling of SITE EXEC. An attacker can exploit this to gain remote root access.

    Fix:Upgrading to the most recent version of WU-FTPD will correct this problem.

    CVE-2000-0573
    CGI - A1Stats multiple vulnerabilities Vulnerabilities in A1-Statistics allow remote attackers to view sensitive files on your web server's filesystem and remotely execute commands with the privilege level of your web server.

    Fix:Upgrading to the most recent version will eliminate this problem.

    CGI - Aspseek multiple buffer overflows Multiple buffer overflows have been found in s.cgi, a cgi included with ASPSEEK. These can be exploited to gain remote access to your server.

    Fix:Upgrading to the most recent version of ASPSEEK will eliminate these security issues.

    CGI - Cyberscheduler buffer overflow A buffer overflow vulnerability in the handling of the timezone variable can be exploited to remotely execute commands on the vulnerable server.

    Fix:Upgrading to the most recent version of Cyberscheduler should correct this problem.

    CGI - MAILNEWS 1.3 remote cmd execution A vulnerability in MAILNEWS 1.3 can be exploited to execute commands on the remote machine. The problem lies in the handling of the mail recipient's address.

    Fix:Upgrading to the most recent version of MAILNEWS should correct this problem.

    CVE-2001-0271
    Interscan VirusWall 3.3 HELO overflow A buffer overflow was discovered in Interscan VirusWall 3.3 SMTP gateway that allows a remote attacker to execute commands on your system with a high level of privilege. The problem exists in the handling of the HELO SMTP command.

    Fix:Trend Micro has released a patch to fix this security hole. We recommend upgrading to the most recent version of Interscan VirusWall due to other vulnerabilities that have been found in the past.

    CVE-1999-1529
    Mercur Mailserver 3.3 EXPN buffer overflow A buffer overflow discovered in Mercur Mailserver 3.3 allows remote attackers to gain system level shell access. The overflow occurs in the handling of the EXPN SMTP command. Previous versions are most likely affected.

    Fix:Upgrading to the most recent version of Mercur Mailserver should eliminate this problem.

    CVE-2001-0280
    WFTPD RETR and CWD buffer overflow vulnerability Texas Imperial Software WFTPD 3.0 R4 and earlier are susceptible to a buffer overflow attack in which a long string in conjunction with a RETR or CWD command is sent to the server, causing a crash or possibly the execution of attacker-supplied code.

    Fix:Upgrade to the most recent version of WFTPD to eliminate this and possibly other security vulnerabilities in the product.

    Interscan VirusWall ISADMIN buffer overflow A combination of security holes was discovered in Trend Micro Interscan VirusWall (Linux) 3.0.1 and earlier. The first allows an attacker to gain access to admin programs without authenticating. These programs also contain buffer overflows.

    Fix:Trend Micro has released an upgrade to Interscan Viruswall 3.6 (Linux).

    CVE-2001-0432
    IIS4-5 escape characters decode vulnerability Due to a flaw in the handling of CGI filename program requests, it is possible for a remote user to execute arbitrary commands on an Internet Information Server or Personal Web Server host. The problem exists in the decoding of escape characters in the URI of the HTTP request itself.

    Fix:Microsoft has released a patch to eliminate this flaw.

    CVE-2001-0333
    GuildFTPD v0.9.7 Multiple Vulnerabilities Two vulnerabilities were discovered in GuildFTPD that can be exploited to download files outside of the FTPROOT and retrieve ftp account passwords.

    Fix:Check the vendor homepage for possible fix information or a new software version where the vulnerabilities are eliminated.

    CVE-2001-0768
    CVE-2001-0767
    SpoonFTP v1.0.0.12 Multiple buffer overflows The SpoonFTP server doesn't correctly apply boundary checks on the 'CWD' and 'LIST' commands. An attacker can exploit these vulnerabilities to gain remote access to the vulnerable machine.

    Fix:The vendor has released an updated version of their software that eliminates these security flaws.

    CVE-2001-0781
    WFTPD path/file mapping buffer overflow Texas Imperial Software WFTPD 3.0 R5 and earlier is susceptible to a buffer overflow attack brought about by the concatenation of a path and file name with a combined length of approximately 260 or more characters.

    Fix:Upgrade to the most recent version of WFTPD to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0694
    IIS IDA remote system overflow This vulnerability allows any malicious attacker to gain remote system level access on unpatched systems. This is the same attack that was used by Code Red, so it is important to patch immediately.

    Fix:Microsoft has released a hotfix for this vulnerability.

    CVE-2001-0500
    MSSQL sa null password Default MSSQL installations do not set the sa account password. Remote attackers can log in to the SQL server with administrative privileges.

    Fix:Password protect the SA account.

    CVE-2000-1209
    IMail SMTP "From" field buffer overflow Ipswitch IMail 6.06 and earlier is susceptible to a buffer overflow in its SMTP service when a long "From" field is provided in conjunction with the name of an existing mailing list in the "Rcpt To" field, allowing malicious code execution on the host.

    Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0494
    Frontpage Extensions VS RAD buffer overflow A buffer overflow class vulnerability in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions can be exploited to gain a high degree of remote access to a server running a vulnerable version.

    Fix:Install the patch recommended in the Microsoft bulletin to eliminate this vulnerability.

    CVE-2001-0341
    Bugzilla 2.10 remote command execution A component of Bugzilla 2.10 doesn't correctly parse shell metacharacters. A user who can subscribe to archive can submit a malformed name that will execute commands as an unprivileged user.

    Fix:Upgrading to the most recent version of Bugzilla will eliminate this issue.

    CVE-2001-0330
    IBM Net.Commerce 3.0 remote command execution A vulnerability in the orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

    Fix:Upgrade to the most recent version of IBM Net.Commerce to eliminate these vulnerabilities.

    CVE-2001-0319
    wu-ftp 2.6.1 format string when debug set A format string class vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

    Fix:Upgrading wuftpd to the latest version will eliminate this and other vulnerabilities discovered in the past. Otherwise, make sure wuftpd isn't launched with the -d or -v flags.

    CVE-2001-0187
    VShell gateway 1.0.1 format bug Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers.

    Fix:Upgrading to the most recent version of VShell will eliminate this problem.

    CVE-2001-0155
    ProFTPD 1.2.0rc2 shutdown format bug Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory.

    Fix:Upgrading to the most recent version of proftpd will eliminate this and other security related problems discovered in the past.

    CVE-2001-0318
    Sendmail Version 5 Remote Root Cmd Execution A vulnerability in the recipient and sender email address parsing can be exploited to pipe commands to a program on the local system. Attackers can remotely execute commands as root using this vulnerability. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

    Fix:Upgrading to the latest version of Sendmail will eliminate this and other security problems discovered in the past.

    CVE-1999-0203
    Berkeley Sendmail v5 DEBUG Vulnerability Sendmail's debug mode allows the recipient of an email message to be a program that runs with the privileges of the user id which sendmail is running under. This user is normally root. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

    Fix:Upgrading to the most recent version of sendmail will eliminate this and many other flaws discovered in the past.

    CVE-1999-0095
    BIND 8 Transaction Signatures Buffer Overflow Due to a bug that is present when handling invalid transaction signatures, it is possible to overwrite some memory locations with a known value. This can be used to gain remote root access on a vulnerable bind server.

    Fix:ISC recommends upgrading to 9.1.0; however, upgrading to 8.2.3 will also correct this problem.

    CVE-2001-0010
    BIND iquery overflow BIND 4.9.6 and 8.1.1 fail to properly bound the data received when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host with root privileges.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-1999-0009
    BIND Cache Poisoning BIND 4.9.4 and 8.1, and also prior versions, contain a vulnerability that can be exploited to corrupt DNS entries in a BIND server's cache, allowing attackers to change DNS entries at will.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-1999-0024
    BIND 8.2.1 Buffer overflow via NXT records BIND 8.2 and 8.2.1 contain an error that could allow a remote attacker to run code as root on the remote server.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-1999-0833
    BIND 8.2.1 fdmax Denial of Service BIND versions 8.2.1 and prior contain a problem releasing file handles that could allow an attacker to mount a remote denial of service attack on the server.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-1999-0848
    BIND 8.2.1 so_linger Denial of Service BIND versions 8.2.1 and prior are vulnerable to a denial of service attack. By intentionally violating the expected protocol for closing a TCP session, remote intruders can cause named to pause for periods of up to 120 seconds.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-1999-0837
    BIND 8.2.1 maxdname Denial of Service BIND 8.2.1 and prior contain a function that improperly handles certain data copied from the network, which could allow a remote intruder to disrupt the normal operation of your name server, possibly including a crash.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-1999-0849
    BIND 8 Internal Memory Disclosure Vulnerability It is believed that most (if not all) versions of BIND in use contain a vulnerability that may allow an attacker to view named's memory.

    Fix:ISC recommends upgrading to 9.1.0; however, upgrading to 8.2.3 will also correct this problem.

    CVE-2001-0012
    BIND 4 nslookupComplain() Buffer Overflow Version 4 of BIND contains a stack overflow that may be exploitable to gain remote root access on the vulnerable bind server. The problem occurs in an error handling function, nslookupComplain.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-2001-0011
    BIND 4 nslookupComplain() Format Bug Version 4 of BIND contains a format bug that may be exploitable to gain remote root access on the vulnerable bind server. The problem occurs in an error handling function, nslookupComplain.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-2001-0013
    Multiple Vendor DNS Cache corruption Intruders who control a nameserver on the global Internet can force your nameserver to look up data from them and then feed back additional, corrupt records.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CGI - ash Interpreter The ash interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands.

    Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root.

    CVE-1999-0509
    CGI - bash Interpreter The bash interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands.

    Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root.

    CVE-1999-0509
    CGI - ksh Interpreter The ksh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands.

    Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root.

    CVE-1999-0509
    CGI - Perl Interpreter The Perl interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands.

    Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root.

    CVE-1999-0509
    CGI - rksh Interpreter The rksh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands.

    Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root.

    CVE-1999-0509
    CGI - sh Interpreter The sh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands.

    Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root.

    CVE-1999-0509
    CGI - tcsh Interpreter The tcsh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands.

    Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root.

    CVE-1999-0509
    CGI - zcsh Interpreter The zcsh interpreter appears to be available on this system. This could allow an attacker to execute arbitrary commands.

    Fix:If this interpreter is not being used it should be removed. Otherwise configure your webserver to use it outside the web root.

    CVE-1999-0509
    Webcart vulnerability There exists a vulnerability within Mountain Network Systems Webcart software. The vulnerability allows any remote attacker to execute commands remotely through your web server.

    Fix:Contact Mountain Network Systems for a patch.

    network_query.php shell execute vulnerability The php script network_query.php can be used by attackers in order to remotely execute commands against your web server.

    Fix:If this script is not being used we suggest removing it.

    Trend Micro OfficeScan Config File Disclosure A vulnerability was discovered in Trend Micro OfficeScan Corporate Edition that allows remote attackers to access configuration files containing passwords.

    Fix:Install vendor supplied patch.

    Authentication Error Allows Mail Relaying A vulnerability results because of a flaw in the authentication process used by the service. The vulnerability could allow an unauthorized user to successfully authenticate to the service using incorrect credentials. An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server.

    Fix:Install Windows 2000 Security Rollup Package 1 or the latest Service Pack.

    CVE-2001-0504
    wu-ftpd File Globbing Vulnerability Wu-Ftpd allows for clients to organize files for ftp actions based on file globbing patterns. The implementation of file globbing included in Wu-Ftpd contains a heap corruption vulnerability that may allow for an attacker to gain remote root access.

    Fix:Contact your vendor or visit their website to obtain a fix or software upgrade to eliminate this vulnerability.

    CVE-2001-0550
    Novell Groupwise Servlet Gateway Default Account A remote attacker may gain access to the Novell Groupwise Servlet Gateway Servlet Manager interface by entering the default username of "servlet" with a default password of "manager".

    Fix:Edit the SYS:\JAVA\SERVLETS\SERVLET.PROPERTIES file and change the username and password at: servlet.ServletManager.initArgs=datamethod=POST,user=servlet,password=manager,bgcolor

    CVE-2001-1195
    Windows XP UPNP Vulnerabilities There exist multiple vulnerabilities within the Windows XP UPNP service. The first vulnerability is a remote buffer overflow. The second is a denial of service attack and the third a distributed denial of service attack.

    Fix:Install the Microsoft security patch ASAP.

    CVE-2001-0876
    BSCW 4.0.x remote command execution Two vulnerabilities were discovered in BSCW that can be exploited to execute commands remotely.

    Fix:Upgrade to the most current version of BSCW Server to eliminate this and possibly other security vulnerabilities present in the software.

    CVE-2002-0094
    Last Lines CGI Remote Command Execution Lastlines.cgi does not filter shell metacharacters from web requests. As a result, it is possible for a remote attacker to execute commands on the shell of a host running the vulnerable script. Commands will be executed with the privileges of the webserver process.

    Fix:eEye is unaware of any fix or upgrade that eliminates this vulnerability. Please check the vendors website for any updates.

    CVE-2001-1206
    Savant 3.0 Webserver Buffer Overflow Due to a problem in URL handling in Savant 3.0 and prior, an attacker can gain a high degree of access to the server running Savant. If the attacker is not able to exploit the buffer overflow, he can easily take down the webserver.

    Fix:eEye is currently unaware of any vendor supplied solution to eliminate this vulnerability. Contact the vendor for an update.

    CVE-2000-0641
    BOOZT 0.9.8 CGI buffer overflow A buffer overflow vulnerability in the admin.cgi member of the BOOZT suite can be exploited to gain remote access to a web server with the permissions of the web server.

    Fix:Visit the vendor homepage and install the most recent version to eliminate this security vulnerability.

    CVE-2002-0098
    Pi3Web long CGI request buffer overflow Pi3.org Pi3Web HTTP server 2.0.0 and earlier contains a buffer overflow vulnerability in its handling of long (260-character) /cgi-bin requests that can be remotely exploited to crash -- or possibly execute code upon -- the web server.

    Fix:Upgrade to the most current version of Pi3Web to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2002-0142
    Web Server 4D/eCommerce 3.5.3 Buffer Overflow A buffer overflow vulnerability in Web Server 4D/eCommerce 3.5.3 can be exploited to gain a high degree of remote access.

    Fix:Upgrade to the most current version of Web Server 4D to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2002-0123
    Allegro Embedded Web Server Detected Retina has detected the Allegro Software RomPager HTTP server on the targeted system. Allegro RomPager is known to reside on embedded devices or appliances (e.g. modems, power management devices, Cisco devices) and is historically known to contain vulnerabilities that could allow attackers to crash the device or potentially execute arbitrary code.

    Fix:This is a security-related warning. Ensure the device or system is using the newest available firmware/RomPager version, and restrict access to the device as needed.

    Note: Devices that have been discontinued by the manufacturer (e.g. 3COM Cable Modems) may use dated firmware. In this event, consider the time span between the firmware date and the current date to determine whether migration to a newer device is needed to reduce susceptibility to historically relevant vulnerabilities.

    CVE-2001-1293
    CVE-2000-0470
    EasyBoard 2000 Remote Buffer Overflow A buffer overflow in EasyBoard 2000 involving the handling of the Content-Type request header can be exploited to remotely execute code with the privileges of the web server.

    Fix:eEye is currently unaware of any vendor supplied solutions to eliminate this problem. We recommend you contact the vendor for an update.

    CVE-2002-0263
    PHP Post File Upload Buffer Overflow Vulnerability A vulnerability in several older versions of PHP can be exploited by an attacker to execute arbitrary code. This vulnerability exists in the handling of MIME encoded file uploads.

    Fix:Upgrading to the most recent version of PHP will eliminate this and various other vulnerabilities discovered in the past.

    CVE-2002-0081
    IIS Cumulative - ASP Chunked Encoding Variant A variant of the buffer overflow in how Microsoft IIS handles chunked-encoding requests exists in the ASP handling path.

    Fix:Install the Microsoft patch.

    CVE-2002-0147
    IIS Cumulative - HTTP Header Overflow A buffer overflow exists in how Microsoft IIS handles HTTP header data. Attackers can exploit this vulnerability to remotely execute code on a susceptible web server.

    Fix:Install the appropriate Microsoft patch.

    CVE-2002-0150
    IIS Cumulative - HTR ISAPI extension overflow A buffer overflow vulnerability exists in the Microsoft IIS .htr ISAPI extension. Attackers can potentially leverage this vulnerability to execute malicious code remotely on your web server.

    Fix:Install the appropriate Microsoft patch.

    CVE-2002-0071
    IIS Cumulative - DoS FTP status request - 2000 A denial-of-service vulnerability exists in the Microsoft IIS FTP service. It can be used by attackers to remotely crash an IIS FTP server.

    Fix:Install the appropriate Microsoft patch.

    CVE-2002-0073
    Phorum 3.3.2 Remote Command Execution Vulnerability Retina has detected that this host is running Phorum. A vulnerability discovered in Phorum 3.3.2 can be exploited to remotely execute commands. The problem exists in the handling of external PHP scripts.

    Fix:Upgrade to a more recent version of Phorum to eliminate this vulnerability. Phorum 3.3.2 b3 and later are immune to the exploitation of this vulnerability.

    CVE-2002-0764
    Multiple Vulnerabilities in WebLogic BEA WebLogic contains numerous security issues that have been fixed in service packs up to and including Service Pack 11. The worst of these allow remote execution of code of the attacker's choice.

    Fix:Obtain the latest WebLogic service pack.

    Apache Chunking Integer Overflow An integer overflow in the chunked encoding implementation in Apache web server versions 1.3.24 and earlier, and versions 2.0 through 2.0.36, can be exploited to gain remote access to the vulnerable web server.

    Fix:The Apache group has released updated versions of Apache on their website that eliminate this vulnerability.

    CVE-2002-0392
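    The Apache and IIS chunked-encoding entries above share one root cause: the hexadecimal chunk-size field is parsed into a signed machine integer and compared as such, so a value with the top bit set turns negative, passes a "too large" check, and is then handed to a copy routine that treats it as an unsigned length. The Python example below (added here; it is not code from the original page, from Apache or from IIS) models that parse with 32-bit C semantics beside a hardened version and a small decoder built on it. The 8192-byte buffer size, the function names and the sample bodies are assumptions chosen for illustration.

```python
"""Chunk-size parsing: signed-int model of the bug beside a hardened parser.

Added example; the buffer size and the decoder are constructed for illustration.
"""

MAX_CHUNK = 8192  # assumed size of the per-read buffer the chunk is copied into

HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_chunk_size_signed32(size_line: str) -> int:
    """Parse the hex chunk-size field the way strtol()-into-int does:
    the value wraps to a signed 32-bit quantity, so 'ffffffff' becomes -1."""
    digits = size_line.split(";", 1)[0].strip()      # drop chunk extensions
    value = int(digits, 16) & 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value


def vulnerable_bytes_to_copy(size_line: str, buffer_len: int = MAX_CHUNK):
    """Model of the vulnerable path: a signed 'too big' check that a negative
    size slips past, followed by conversion to size_t for the copy.
    Returns None when the check rejects, else the length memcpy() would see."""
    n = parse_chunk_size_signed32(size_line)
    if n > buffer_len:                 # signed comparison: -1 > 8192 is False
        return None
    return n & 0xFFFFFFFF              # size_t reinterpretation: -1 -> 4 GiB


def hardened_chunk_size(size_line: str, buffer_len: int = MAX_CHUNK) -> int:
    """Parse as unsigned, bound the digit count, and reject anything larger
    than the buffer before the value is used as a length anywhere."""
    digits = size_line.split(";", 1)[0].strip()
    if not digits or len(digits) > 8 or any(c not in HEX_DIGITS for c in digits):
        raise ValueError(f"bad chunk-size line {size_line!r}")
    n = int(digits, 16)
    if n > buffer_len:
        raise ValueError(f"chunk of {n} bytes exceeds {buffer_len}-byte buffer")
    return n


def decode_chunked(data: bytes, buffer_len: int = MAX_CHUNK) -> bytes:
    """Decode a chunked message body using the hardened size check.
    Trailer headers after the zero-length chunk are ignored here."""
    out = bytearray()
    pos = 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        n = hardened_chunk_size(data[pos:eol].decode("ascii", "replace"), buffer_len)
        pos = eol + 2
        if n == 0:
            return bytes(out)
        if len(data) < pos + n + 2 or data[pos + n:pos + n + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk data")
        out += data[pos:pos + n]
        pos += n + 2
```

    In a C implementation the equivalent hardening is to parse into an unsigned type, limit the number of hex digits accepted, and compare against the buffer length before the value ever reaches memcpy().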
    OpenSSH 3.3 Remote Challenge Integer Overflow Several versions of the OpenSSH sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. An attacker can use this vulnerability to gain remote root access to any vulnerable OpenSSH server.

    Fix:Upgrade to OpenSSH 3.4 or later.

    CVE-2002-0639
    OpenSSH 3.3 PAMAuth Integer Overflow Several versions of the OpenSSH sshd between 1.2.2 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation.

    Fix:Upgrade to OpenSSH 3.4 or later.

    CVE-2002-0640
    BIND 9 chain response vulnerability A vulnerability in data chain response handling can be exploited by an attacker to remotely disable a BIND 9 DNS server. The server does not recover on its own and must be manually restarted before it will serve again.

    Fix:ISC has released BIND 9.2.1 that eliminates this vulnerability.

    CVE-2002-0400
    BIND 9 resolver buffer overflow A buffer overflow in libbind and libc can be exploited by an attacker to gain remote access to any server that uses these vulnerable resolver implementations. BIND up to 9.2.1, Sendmail, and most versions of Unix are vulnerable, to name a few.

    Fix:Contact your operating system vendor to retrieve a patch or upgrade.

    CVE-2002-0651
    Macromedia JRun Admin Server Authentication Bypass JRun is Macromedia's servlet / jsp engine. It installs a web based administration console on TCP port 8000. Before using the console, users are required to login via an HTML form. This form can be bypassed, and administrative functions accessed without authentication.
    Ensure you have the first patch for version 4.0. This check may produce false positives due to a lack of informative response from JRun and the number of different environments it runs on.

    Fix:Download the cumulative patch for JRun from Macromedia.

    CVE-2002-0665
    PHP multipart/form-data Post Buffer Overflow PHP contains code for intelligently parsing the headers of HTTP POST requests. The code is used to differentiate between variables and files sent by the user agent in a "multipart/form-data" request. This parser has insufficient input checking, leading to the vulnerability. The vulnerability is exploitable by anyone who can send HTTP POST requests to an affected web server. Both local and remote users, even from behind firewalls, may be able to gain privileged access.

    Fix:The PHP Group has released a new PHP version, 4.2.2, which incorporates a fix for the vulnerability. All users of affected PHP versions are encouraged to upgrade to this latest version.

    Macromedia JRun Host Header Field Buffer Overflow Vulnerability The JRun ISAPI filter for .jsp files has a buffer overflow condition in it which is known to be exploitable on Windows platforms at the SYSTEM level.

    Fix:Upgrade to the most recent version of JRun.

    CVE-2002-0801
    SSH CRC-32 Compensation Attack Detector Vulnerability Various SSH implementations are vulnerable to a buffer overflow that allows a remote attacker to run arbitrary code. The SSH implementations include code for detection of a packet injection attack that would permit command execution. The code to detect the attack contains a vulnerability. A malicious user can overflow a 16-bit unsigned integer variable allowing memory address modification. (Note: There is a possibility this audit may generate a false positive result when scanning a Cisco appliance.)

    Fix:Obtain the latest version of your chosen SSH package to eliminate this and other vulnerabilities discovered in the past.

    CVE-2001-0144
    Sendmail DNS Map TXT Overflow A remotely exploitable buffer overflow exists in Sendmail versions 8.11 through 8.12.4. This vulnerability only exhibits itself if you have modified the configuration file to look up TXT records in DNS. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

    Fix:Upgrade to the latest version of Sendmail.

    CVE-2002-0906
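    The two OpenSSH 3.3 entries and the Sendmail entry above are version checks, and the Sendmail note spells out their limitation: a scanner that reads the version out of an SSH or SMTP banner cannot see a fix that was backported without changing the version string. The Python example below (added here; it is not part of the original page or of any scanner product) shows the range comparison such a check performs, using the version ranges stated in these entries. The banner strings are constructed, and the hostname mx.example.test is a placeholder.

```python
"""Banner-based version check of the kind a network scanner performs.

Added example; the banners below are constructed for illustration.
"""
import re

# Inclusive vulnerable ranges, as stated in the entries on this page.
VULNERABLE_RANGES = {
    "OpenSSH": [
        ("CVE-2002-0639", (2, 3, 1), (3, 3)),   # challenge-response overflow
        ("CVE-2002-0640", (1, 2, 2), (3, 3)),   # PAM auth overflow
    ],
    "Sendmail": [
        ("CVE-2002-0906", (8, 11), (8, 12, 4)),  # DNS map TXT overflow
    ],
}

_BANNER_PATTERNS = [
    # e.g. "SSH-1.99-OpenSSH_3.3p1", "SSH-2.0-OpenSSH_3.4"
    ("OpenSSH", re.compile(r"^SSH-\d\.\d+-OpenSSH_(\d+(?:\.\d+)*)")),
    # e.g. "220 mx.example.test ESMTP Sendmail 8.12.3/8.12.3; Mon, 1 Jul 2002"
    ("Sendmail", re.compile(r"\bSendmail (\d+(?:\.\d+)*)")),
]


def parse_version(text: str) -> tuple:
    """'8.12.3' -> (8, 12, 3). A portability suffix such as 'p1' is never
    captured by the patterns above, so 3.3p1 is treated as 3.3."""
    return tuple(int(part) for part in text.split("."))


def in_range(version: tuple, low: tuple, high: tuple) -> bool:
    """Inclusive component-wise comparison. Shorter tuples are zero-padded
    so that (3, 3) and (3, 3, 0) compare equal."""
    width = max(len(version), len(low), len(high))

    def pad(t):
        return t + (0,) * (width - len(t))

    return pad(low) <= pad(version) <= pad(high)


def identify(banner: str):
    """Return (product, version_tuple), or None for an unrecognised banner."""
    for product, pattern in _BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            return product, parse_version(match.group(1))
    return None


def check_banner(banner: str) -> list:
    """Return the CVE ids whose stated range covers the advertised version.

    A non-empty result is evidence, not proof: a vendor that backports the
    fix without bumping the version string still advertises the vulnerable
    version, which is exactly the false-positive case the Sendmail entries
    warn about. An empty result only means the banner is out of range.
    """
    ident = identify(banner)
    if ident is None:
        return []
    product, version = ident
    return [cve for cve, low, high in VULNERABLE_RANGES[product]
            if in_range(version, low, high)]
```

    A finding from check_banner() is a candidate to confirm (package version, vendor advisory, or a behavioural probe), not a verdict; treating the banner as authoritative produces the false positives the entries mention.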
    Multiple Vulnerabilities in Lotus Domino WebServer These vulnerabilities range from arbitrary file execution to admin bypass to DoS. This check covers vulnerabilities up to Lotus Domino 5.0.10, the last of which is a DoS.

    Fix:Upgrade Domino to the latest version.

    Multiple Vulnerabilities in Microsoft Exchange 5.5 and 2000 There is a wide range of vulnerabilities in Microsoft Exchange 2000 builds prior to 6.0.5762.3 and Microsoft Exchange 5.5 builds prior to 5.5.2651.50, including ones that allow arbitrary file execution and attacks against users on the network. Ensure you have the latest version.

    Fix:Upgrade to the latest version of Exchange Server.

    AIX ftpd Remote Buffer Overflow A remote buffer overflow vulnerability in AIX's ftpd allows remote users to obtain root access.

    Fix:Apply the patch provided by the vendor: AIX 4.3: APAR: IY23674

    CVE-1999-0789
    OpenSSH 3.0 channel code buffer overflow vulnerability A vulnerability in the channel code of OpenSSH versions 2.0 and later, prior to 3.1, can be exploited to execute arbitrary code on a server running the OpenSSH daemon, or on a vulnerable client machine if it attempts to authenticate to a malicious server.

    Fix:Upgrade to the most recent version of OpenSSH to eliminate this and other possible vulnerabilities in prior versions.

    CVE-2002-0083
    Microsoft Site Server Information Leakage and Data Modification Microsoft Site Server is vulnerable to flaws that may allow attackers to view sensitive information, cause a denial of service, exploit trust relationships through cross-site scripting attacks, and execute arbitrary code. These flaws are caused by insufficient access controls on administrative pages, unsafe use of default login and password, and improper parsing of user-supplied data in URLs. Remote attackers can use the default login and password to gain access to privileged information, including scripts in the /SiteServer/Admin/ directory and the /_mem_bin/ directories, and may be able to use anonymous login privileges to remotely browse the LDAP server and gain access to plaintext passwords of other LDAP accounts. Additionally, remote attackers can also execute denial of service attacks by using the anonymous account to upload very large files to the /Sites/Publishing/Users/ directory, and can upload and execute files by utilizing scripts in the /SiteServer/Publishing directory that use the /scripts/cphost.dll object.

    Fix:Install the latest service pack available from the Microsoft Site Server support site.

    Netware NWFTPD format string vulnerability This Novell Netware FTP server contains a format string vulnerability in its implementation of username processing. This vulnerability can be exploited to gain a high degree of remote access to the vulnerable Novell server.

    Fix:At the time this audit was created Novell had not provided a patch or service pack that eliminated this vulnerability. Please visit their website for any updates.

    CVE-2002-0930
    Unicode Directory Traversal Vulnerability A vulnerability exists on the target web server when parsing file requests that contain Unicode characters. This allows a remote attacker to traverse directories outside of the web root and potentially execute arbitrary commands. This vulnerability was actively exploited in Microsoft IIS (Internet Information Services) 4.0 and 5.0, and could be similarly exploited on the detected system.

    Fix:Install the appropriate vendor patch or contact your vendor if no patch is available.

    CVE-2008-2370
    CVE-2008-2938
    CVE-2000-0884
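    The Unicode traversal described above works because the server tested for ../ before it decoded the URL, and its UTF-8 decoder accepted "overlong" two-byte sequences such as %c0%af (a non-canonical encoding of /). The Python example below (added here; it is not code from the original page or from IIS) reproduces a lenient decoder to show the bypass, then gives the hardened order of operations: strict decoding, canonicalisation, and only then the web-root check. The web root /var/www/html, the function names and the request paths are constructed for the example.

```python
"""Overlong UTF-8 directory traversal: the bypass and the hardened check.

Added example; web root and request paths are constructed for illustration.
"""
import posixpath
from urllib.parse import unquote_to_bytes

WEB_ROOT = "/var/www/html"  # assumed document root for the example


def lenient_utf8(data: bytes) -> str:
    """Decode UTF-8 the way the vulnerable servers did: a two-byte sequence
    is accepted even when its value fits in one byte, so b'\\xc0\\xaf' -> '/'
    and b'\\xc1\\x9c' -> '\\\\'. Real decoders must reject such overlongs."""
    out = []
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b < 0xE0 and i + 1 < len(data) and 0x80 <= data[i + 1] < 0xC0:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append("\ufffd")
            i += 1
    return "".join(out)


def vulnerable_resolve(url_path: str):
    """Filter first, decode second: the ordering the %c0%af trick defeats.
    Returns None when the filter blocks, else the file path that would be opened."""
    if "../" in url_path or "..\\" in url_path:
        return None
    decoded = lenient_utf8(unquote_to_bytes(url_path))
    return posixpath.normpath(WEB_ROOT + "/" + decoded)


def hardened_resolve(url_path: str):
    """Decode strictly, canonicalise, then enforce the root.
    Returns None for anything rejected, else the path inside WEB_ROOT."""
    raw = unquote_to_bytes(url_path)
    try:
        decoded = raw.decode("utf-8")        # strict: overlongs raise
    except UnicodeDecodeError:
        return None
    if "\x00" in decoded:                    # embedded NUL would truncate in C
        return None
    full = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if full != WEB_ROOT and not full.startswith(WEB_ROOT + "/"):
        return None
    return full
```

    The decisive difference is not the decoder alone: even with a strict decoder, a filter that runs before percent-decoding can be bypassed with %2e%2e%2f, so the check must operate on the fully decoded, normalised path.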
    OpenSSH Kerberos Arbitrary Privilege Elevation Certain builds of OpenSSH 3.0p1 and prior that include Kerberos authentication support are vulnerable to remote compromise due to a buffer overflow in that support.

    Fix:Upgrade to the most recent version of OpenSSH to eliminate this and other vulnerabilities discovered in the past.

    SSH Communications Security Short Password Login Vulnerability Due to an input validation problem in SSH Communications Security SSH2 3.0 servers, it may be possible for remote users to log in to accounts for which there are two or fewer characters in the password field of the system password file.

    Fix:Upgrade to the most recent version of SSH Communications Security SSH server to eliminate this and other vulnerabilities discovered in the past.

    CVE-2001-0553
    Van Dyke Technologies VShell Buffer Overflow Vulnerability Due to a flaw in the handling of username validation within VShell, it is possible for a remote user to exploit a buffer overflow and execute arbitrary code with SYSTEM privileges.

    Fix:Upgrade to the most recent versions of VSHELL to eliminate this and other vulnerabilities discovered in the past.

    CVE-2001-0155
    OpenSSH Private Key Authentication Check Vulnerability OpenSSH 2.3.1 servers compiled between January 18, 2001, and February 8, 2001, were built without a crucial function that handles passwordless, key based access. If your server is configured to allow only key access an attacker can gain remote access to your OpenSSH 2.3.1 server.

    Fix:Upgrade your OpenSSH server to the most recent version to eliminate this and other vulnerabilities.

    SSH Secure-RPC Weak Encrypted Authentication Vulnerability A vulnerability in SSH Communications Security SSH could allow, under certain conditions, the discovery of the secret key used to encrypt traffic on the local host.

    Fix:Upgrade to the most recent version of SSH Communications Security SSH to eliminate this and other vulnerabilities discovered in the past.

    CVE-2001-0259
    OpenSSH Client Unauthorized Remote Forwarding The OpenSSH client does not sufficiently check for the ssh-agent and X11 forwarding options after an SSH session has been negotiated. This allows the server to gain access to either of these two resources on the client side. This could result in a malicious server gaining access to the X11 display and remotely watching the desktop and keystrokes.

    Fix:Upgrade to the most recent version of OpenSSH to eliminate this and other vulnerabilities discovered in the past.

    CVE-2000-1169
    SSH Client xauth Vulnerability A vulnerability exists in the default configuration of the SSH client that could be used to read the xauth key from the user's .Xauthority file and use it to connect to the client machine. The client machine can be compromised by exploiting this vulnerability.

    Fix:Upgrade to the most recent version of SSH to eliminate this and other vulnerabilities discovered in the past.

    CVE-2000-0217
    SSHD RSAREF Buffer Overflow Vulnerability A buffer overflow vulnerability in the RSAREF cryptographic library can be exploited to gain remote root access to any vulnerable SSH server that has linked in the RSAREF2 library.

    Fix:Upgrade to the most recent version of SSH to eliminate this and other vulnerabilities discovered in the past.

    CVE-1999-0834
    SQL Server Unchecked Buffer in MDAC Function The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.
    An attacker who submitted a database query containing a specially malformed parameter within a call to OpenRowSet could overrun the buffer, either for the purpose of causing the SQL Server to fail or causing the SQL Server service to take actions dictated by the attacker.

    Fix:Install Service Pack 2 for SQL Server 2000 from Microsoft.

    CVE-2002-0695
    SQL 2000 Resolution Service Overflows (Sapphire Worm) There are three security vulnerabilities here. The first two are buffer overflows. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with carefully selected data could allow the attacker to run arbitrary code.
    The third vulnerability is a remote DoS.

    Fix:Install Service Pack 3 for SQL Server 2000 from Microsoft.

    CVE-2002-0649
    SQL 2000 password encryption buffer overflow Microsoft SQL Server 2000 SP2 and earlier contains a buffer overflow vulnerability in the routine that encrypts SQL Server credentials. By invoking the procedure with specially-crafted long parameters, an attacker could execute malicious code in the context of the server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2002-0624
    SQL Server SQLXML Remote Overflow Microsoft SQL Server 2000 includes a feature called SQLXML that allows the server to handle SQL queries and responses via XML. IIS enables XML over HTTP using SQLXML HTTP components, one of which is an ISAPI extension. Proper bounds checking is not performed on a field of this query, allowing remote arbitrary code execution.

    Fix:Install Service Pack 2 for SQL Server 2000 from Microsoft.

    CVE-2002-0186
    CVE-2002-0187
    SQL 2000 multiple XP buffer overflows Microsoft SQL Server 2000 SP2 and earlier contains buffer overflow vulnerabilities in many of its extended stored procedures (XPs). By providing specially-crafted long arguments to any of these routines, an attacker can execute arbitrary code on the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2002-0154
    SQL 2000 OLE DB provider name buffer overflow Microsoft SQL Server 2000 SP2 and earlier is susceptible to a buffer overflow in the OpenDataSource and OpenRowset functions if a long provider name string is supplied. A remote attacker could exploit this vulnerability to cause the execution of malicious code.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2002-0056
    SQL Server 7 Extended Procedure Overflow Microsoft SQL Server 7.0 and 2000 have an overflow issue in the extended stored procedure "xp_dirtree". This may allow a remote attacker to execute arbitrary code of their choosing.

    Fix:Install Service Pack Three for SQL Server 7 from Microsoft.

    CVE-2002-0154
    SQL Server 7 Remote Data Source Overflow Microsoft SQL Server contains several buffer overflows in "functions that are associated with connecting to remote data sources through 'ad hoc names.'"
    These will allow a remote attacker to run arbitrary code of their choice.

    Fix:Install Service Pack Three for SQL Server 7 from Microsoft.

    CVE-2002-0056
    SQL 7 Text Formatting Functions Contain Unchecked Buffers SQL Server 7.0 and 2000 provide a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. Two vulnerabilities associated with these functions have been discovered. One vulnerability is an exploitable buffer overflow condition, and the other is a DoS condition.

    Fix:Install Service Pack Three for SQL Server 7 from Microsoft.

    CVE-2001-0879
    SQL 7 Unchecked Buffer in MDAC Function The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.
    An attacker who submitted a database query containing a specially malformed parameter within a call to OpenRowSet could overrun the buffer, either for the purpose of causing the SQL Server to fail or causing the SQL Server service to take actions dictated by the attacker.

    Fix:Install Service Pack 4 for SQL Server 7 from Microsoft.

    CVE-2002-0695
    OpenSSL ASCII Integer Representation Vulnerability A buffer overflow exists in the ASCII representation of integers on 64-bit platforms. An attacker can use this vulnerability to execute code on the vulnerable server or client.

    Fix:Upgrade your OpenSSL package to the most recent version to eliminate this and other vulnerabilities discovered in the past.

    CVE-2002-0655
    OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow A buffer overflow has been reported in the handling of the client key value during the negotiation of the SSLv2 protocol. A malicious client may be able to exploit this vulnerability to execute arbitrary code as the vulnerable server process, or possibly to create a denial of service condition.

    Fix:Upgrade your OpenSSL package to the most recent version to eliminate this and other vulnerabilities discovered in the past.

    CVE-2002-0656
    SLMail 2.6 VRFY Buffer Overflow Vulnerability A buffer overflow vulnerability in SLMail 2.6 and prior can be exploited to gain remote SYSTEM on any vulnerable mail server where SLMail is implemented as a mail solution.

    Fix:Upgrade your version of SLMail to the most current version available to eliminate this and other vulnerabilities discovered in SLMail in the past.

    CVE-1999-0231
    SLMail 3.0 VRFY and EXPN Buffer Overflow Vulnerabilities SLMail improperly handles large argument buffers when dealing with the EXPN and VRFY SMTP commands. By supplying a carefully crafted argument to the EXPN or VRFY command, an attacker can gain remote SYSTEM access to the vulnerable mail server.

    Fix:Upgrade to the most recent version of SLMail to eliminate these vulnerabilities.

    SLMail 3.0 HELO Buffer Overflow Vulnerability A buffer overflow in SLMail HELO argument parsing can be exploited to gain remote SYSTEM on any vulnerable SLMail implemented mail server.

    Fix:Upgrade to the most recent version of SLMail to eliminate this and other vulnerabilities discovered in the past.

    CVE-1999-0284
    Solaris SNMP default community name Solaris Operating System 2.6 and prior versions include an SNMP subagent that has a default community string. Remote attackers can utilize this out-of-box vulnerability to execute arbitrary commands as root, or modify system parameters.

    Fix:Sun has made a patch available to eliminate this vulnerability. If you are not using the SNMP agent we recommend disabling it or removing it from your server.

    CVE-1999-0186
    CGI - Multiple Vendor whois.cgi Metacharacter Vulnerability A vulnerability in the various whois CGI implementations can be exploited to remotely execute commands. The vulnerabilities arise from insufficient filtering of shell metacharacters in the domain entry.

    Fix:We recommend removing this script, or limiting access to it, to prevent outside parties from abusing it or exploiting any existing security holes.

    CVE-1999-0983
    CVE-2000-0941
    BadBlue long URL buffer overflow vulnerability Working Resources BadBlue 1.2.7 and earlier is susceptible to a buffer overflow attack in which the remote attacker requests a URL of the form http://target/ext.dll?AAAA...AAA with a total length of 256 bytes or greater.

    Fix:Upgrade to the most current version of BadBlue to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0277
    BadBlue multiple cross-site script vulnerabilities Working Resources BadBlue versions 1.6.1 and earlier are vulnerable to a number of cross-site scripting attacks through which malicious script can perform administrative actions on the local web server, such as creating virtual directories and users.

    Fix:Upgrade to the most current version of BadBlue to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2002-0326
    CGI - fpcount.exe A buffer overflow vulnerability in older versions of fpcount.exe can be remotely exploited to execute arbitrary commands.

    Fix:fpcount.exe is not needed to operate FrontPage. Remove the file from your system to eliminate this vulnerability.

    CVE-1999-1376
    Savant Web Server long GET buffer overflow Michael Lamont Savant Web Server 3.0 and earlier exhibits a buffer overflow condition when it receives an unusually long GET request. A remote attacker can exploit this vulnerability to cause the execution of arbitrary code on the host.

    Fix:Upgrade to the most current version of Savant Web Server to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2000-0641
    Savant Web Server 3.1 long GET buffer overflow Michael Lamont Savant Web Server 3.1 contains a buffer overflow vulnerability that can be exploited by sending a specially-crafted GET request with a URL consisting of 291 or more characters, crashing the server or causing the execution of malicious code.

    Fix:Upgrade to the most current version of Savant Web Server to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2002-1120
    Savant Web Server cgitest.exe buffer overflow The cgitest.exe sample program in Michael Lamont Savant Web Server 3.1 and earlier is susceptible to a remote, anonymous buffer overflow attack via a long POST data string that allows the execution of arbitrary code on the host.

    Fix:Remove the cgitest.exe sample program from the cgi-bin directory as a workaround, and if possible, upgrade to the most current version of Savant Web Server to eliminate other security vulnerabilities in the software.

    Savant Web Server header field buffer overflow Michael Lamont Savant Web Server 3.0 and earlier is susceptible to a buffer overflow attack involving long request-header fields (i.e., Host:AAAA...AAA) that allow a remote attacker to cause the execution of arbitrary code on the host machine.

    Fix:Upgrade to the most current version of Savant Web Server to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-0433
    CGI - FormMail remote command execution Retina has detected that FormMail is installed on this webserver. FormMail version 1.0 can be exploited by a remote attacker to execute arbitrary commands on a victim's server due to a flaw in parsing form data containing shell metacharacters.

    Fix:Upgrade to the most recent version of FormMail to eliminate this vulnerability.

    CVE-1999-0172
    CGI - Info2www remote command execution Retina has detected that Info2www is installed on this webserver. Info2www version 1.1 can be exploited by a remote attacker to execute arbitrary commands on a victim's server due to a flaw in parsing form data containing shell metacharacters.

    Fix:Upgrade to the most recent version of Info2www to eliminate this vulnerability.

    CVE-1999-0266
    Cherokee remote command execution vulnerability Cherokee HTTPd 0.2.6 and earlier does not filter shell metacharacters from web requests, thereby allowing a remote attacker to execute arbitrary commands. Since versions 0.2.6 and prior retain root privileges, this is an especially severe vulnerability.

    Fix:Upgrade to the most current version of Cherokee to eliminate this and possibly other vulnerabilities in the software.
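    The whois.cgi, FormMail, Info2www and Cherokee entries are the same bug in different programs: a request field is spliced into a command string that a shell interprets, so ; | ` and $( ) in the field become additional commands. The Python example below (added here; it is not the code of any of those programs) shows the vulnerable command construction next to a hardened handler that validates the field against a hostname grammar and invokes the program with an argument vector, so no shell is involved. The 'domain' query parameter, the function names and the query strings are constructed for the example.

```python
"""CGI shell-metacharacter injection: vulnerable construction vs. hardened handler.

Added example; query strings and parameter name are constructed for illustration.
"""
import re
import subprocess
from urllib.parse import parse_qs

# Hostname grammar (RFC 1123 labels, dotted, with an alphabetic TLD).
# Whitelisting the shape of the value is the step the vulnerable scripts skipped.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def _domain_field(query_string: str) -> str:
    """Extract the 'domain' form field (assumed name) from a CGI QUERY_STRING."""
    return parse_qs(query_string).get("domain", [""])[0]


def vulnerable_command(query_string: str) -> str:
    """What the classic whois.cgi did: splice the field into a string destined
    for /bin/sh. Returned rather than executed so the injection is visible;
    ';', '|', backticks and '$()' all survive into the shell's input."""
    return f"whois {_domain_field(query_string)}"


def hardened_argv(query_string: str) -> list:
    """Validate the field against the hostname grammar and build an argument
    vector. Metacharacters never reach a shell, and because the grammar
    requires a leading alphanumeric, a value such as '-h attacker.example'
    cannot be smuggled in as a program option either."""
    domain = _domain_field(query_string)
    if not DOMAIN_RE.match(domain):
        raise ValueError(f"rejected domain value {domain!r}")
    return ["whois", domain]


def run_whois(query_string: str, timeout: int = 10) -> str:
    """Execute the hardened vector without a shell (not exercised offline)."""
    proc = subprocess.run(hardened_argv(query_string), capture_output=True,
                          text=True, timeout=timeout, check=False)
    return proc.stdout
```

    Removing the metacharacters with a blacklist is the weaker fix: the list is never complete across shells, and it still leaves option injection open. Validating against the grammar of the expected value and avoiding the shell closes both.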

    Popper_Mod Default Administrative Access Vulnerability Symantec Computer's popper_mod version 1.2.1 and prior is installed without correctly protecting administrative web pages.

    Fix:Symantec does not currently provide or maintain popper_mod. It has been superseded by popper_mod-wid.

    CVE-2002-0513
    eFTP Long Request Buffer Overflow eFTP versions 2.0.5.315 and earlier exhibit a buffer overflow vulnerability in the server functionality that allows a remote attacker to crash or execute arbitrary code on a host by sending a request consisting of 2048 or more characters.

    Fix:Upgrade to the most recent version of eFTP to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2000-0870
    CVE-2000-0871
    eFTP Malformed Shortcut Buffer Overflow The server portion of eFTP prior to version 2.0.8.345 exhibits a buffer overflow condition when the remote user requests the listing of a directory containing a specially-malformed shortcut (.LNK) file, that could be exploited to execute code on the host.

    Fix:Upgrade to the most recent version of eFTP to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-1112
    eFTP Password Hash Retrieval eFTP versions prior to 2.0.8.345, when running as a server, can be tricked into sending the user name and hashed password of the account under which the FTP server is running to an attacker, in response to a request referencing \\attackerip\netshare\file.

    Fix:Upgrade to the most recent version of eFTP to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-1110
    IMail long mailbox name buffer overflow Ipswitch IMail 7.04 and earlier is susceptible to a buffer overflow in its web interface when passed a long mailbox name consisting of at least 248 dots. A remote attacker can exploit this vulnerability to crash the server or possibly execute code.

    Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-1283
    IMail web calendar buffer overflow vulnerability The web calendaring service included with Ipswitch IMail 7.05 and earlier exhibits a buffer overflow condition that allows a remote attacker to execute code in the context of the server (usually SYSTEM) by sending a GET request of more than 96 characters.

    Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-1287
    IMail web service HTTP/1.0 GET buffer overflow Ipswitch IMail 7.11 and earlier is vulnerable to a buffer overflow in its web service that allows a remote attacker to execute arbitrary code on the host by sending a specially-crafted HTTP/1.0 GET request longer than 96 characters.

    Fix:Upgrade to the most current version of IMail to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2002-1076
    OmniHTTPd statsconfig.pl arbitrary file corruption Omnicron Technology Corporation OmniHTTPd 2.07 and earlier exhibits an input validation vulnerability in the included statsconfig.pl script that allows any file accessible by the web server to be corrupted.

    Fix:Upgrade to the most current version of OmniHTTPd to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0114
    DeleGate POP proxy USER buffer overflow The POP3 proxy service provided by DeleGate 7.8.1 and earlier is susceptible to a buffer overflow involving a long USER command argument that allows the execution of arbitrary code on the host machine.

    Fix:Upgrade to the most current version of DeleGate to eliminate this and possibly other security vulnerabilities in the product.

    EvilFTP Server Detected EvilFTP has been found operating on this machine. EvilFTP is an FTP server that allows program execution via the EXEC command, does not support logging capabilities, and exhibits stealth behavior; therefore, it is considered a trojan horse / backdoor.

    Fix:If the presence of EvilFTP is not authorized, remove it from the machine. It typically exists as msrun.exe in the Windows system directory and inserts a line in win.ini to have itself executed on startup.

    Apache mod_ssl session caching buffer overflow A session caching vulnerability in Apache mod_ssl versions prior to 2.8.7 can be exploited by remote attackers to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA).

    Fix:Upgrade to mod_ssl 2.8.7 or later to eliminate this vulnerability.

    CVE-2002-0082
    OpenSSL PRNG weakness The pseudo-random number generator (PRNG) in SSLeay/OpenSSL versions up to 0.9.6a is weakened by a design error. Using this weakness an attacker can determine the state of the pseudo random number generator.

    Fix:Upgrade to the most recent version of OpenSSL to eliminate this and other vulnerabilities discovered in the past.

    CVE-2001-1141
    OpenSSL Kerberos Enabled SSLv3 Key Exchange Vulnerability A vulnerability in Kerberos-enabled OpenSSL installations can be exploited remotely by supplying a carefully crafted master key to an SSL version 3 server.

    Fix:Upgrading to the most recent version of OpenSSL will eliminate this and other vulnerabilities discovered in the past.

    CVE-2002-0657
    OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

    Fix:eEye recommends upgrading your installation of OpenSSH to the most recent version in order to eliminate this and other possible vulnerabilities in prior versions.

    CVE-2002-0575
    SSH 1.5 PKCS #1 Version 1.5 Session Key Retrieval The SSH version 1.5 protocol allows a remote attacker to decrypt and/or alter traffic via an attack on PKCS#1 version 1.5 known as a "Bleichenbacher attack".

    Fix:Upgrade to the most recent version of SSH Communications Security SSH to eliminate this and other vulnerabilities discovered in the past.

    CVE-2001-0361
    Sendmail Debugger Arbitrary Code Execution An integer overflow vulnerability in debug argument handling can be exploited to write to various areas of process memory. Using this vulnerability a local attacker can escalate privileges to those of the root account. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

    Fix:Upgrade to the most recent version of Sendmail to eliminate this and other vulnerabilities discovered in the past.

    CVE-2001-0653
    AOLserver long password buffer overflow AOLserver 3.2 and earlier exhibits a buffer overflow condition when attempting to handle a long Authorization password string. A remote attacker can exploit this vulnerability, even if no folders are password-protected, to execute arbitrary code.

    Fix:Upgrade to the most current version of AOLserver to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-1067
    AOLserver Ns_PdLog format string vulnerability AOLserver versions 3.0 through 3.4.2 (all platforms) contain a format string vulnerability in the Ns_PdLog API function when an error type of Notice or Error is used. A remote attacker could exploit an unsanitized call to the function to execute code.

    Fix:Upgrade to the most current version of AOLserver to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2002-0586
    AOLserver Ns_PdLog buffer overflow vulnerability AOLserver versions 3.0 through 3.4.2 (all platforms) are vulnerable to a buffer overflow in the Ns_PdLog API function when called with an error type of "Notice" or "Error," that may allow a remote attacker to execute arbitrary code on the host.

    Fix:Upgrade to the most current version of AOLserver to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2002-0587
    ProFTPD MKD / CWD path buffer overflow ProFTPD 1.2.0 pre5 and earlier exhibits a buffer overflow condition when attempting to handle a long path of more than 255 characters. If an attacker creates a sufficient number of nested directories, he can execute arbitrary code on the host.

    Fix:Upgrade to the most current version of ProFTPD to eliminate this and possibly other security vulnerabilities in the software.

    CVE-1999-0911
    wu-ftpd /bin misconfiguration vulnerability wu-ftpd 2.4.1 and earlier exhibits a misconfiguration that allows users with accounts to execute programs in the /bin directory as root via the SITE EXEC command.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the software. For more information on resolving this issue, see the hyperlinked CERT advisory.

    CVE-1999-0080
    wu-ftpd MKD / CWD path buffer overflow wu-ftpd versions prior to 2.6.0 are susceptible to a buffer overflow when attempting to handle a long path consisting of more than 255 characters. If an attacker creates a sufficient number of nested directories, he can execute arbitrary code.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the software.

    CVE-1999-0911
    wu-ftpd SITE EXEC Race Condition wu-ftpd 2.4.1 and earlier exhibits a race condition that allows a remote, unauthenticated attacker to gain access to any account on the host machine (including root) via the SITE EXEC command.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the software.

    CVE-1999-0955
    wu-ftpd globbing buffer overflow vulnerability wu-ftpd 2.6.1 and earlier is vulnerable to a buffer overflow in the portion of ftpglob() matching open and close brackets, that can lead to user-supplied data being passed to the free() function. This condition can be exploited to execute arbitrary code.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0935
    wu-ftpd setproctitle() format string vulnerability wu-ftpd 2.6.0 and earlier contains a format string vulnerability in its call to set_proc_title() that may allow a remote attacker to cause a denial of service or possibly execute arbitrary code.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2000-0574
    wu-ftpd PASV core dump password disclosure Versions of wu-ftpd dating back to circa October 1996 (2.4.2-BETA-11) exhibit an error that allows a remote attacker to generate a core dump containing an FTP user's password by issuing a malformed PASV command.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the product.

    CVE-1999-0075
    wu-ftpd distribution may contain backdoor The distribution of wu-ftpd 2.1f and 2.2 was briefly tainted with code to provide a backdoor password for logging in under any user name other than anonymous.

    Fix:It is strongly recommended that you upgrade to a more recent version of wu-ftpd; however, if this is not a viable option, the presence of the Trojan horse code can be detected by examining ftpd.c as described in the hyperlinked CERT advisory.

    CVE-1999-0661
    wu-ftpd ABOR privilege escalation vulnerability wu-ftpd 2.4 and earlier allows a remote user to assume root privileges by aborting a file transfer in such a way that the ABOR command notification is received during the privileged logout procedure. Additionally, this technique also disables logging.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the software.

    CVE-1999-1326
    wu-ftpd RNFR arbitrary file overwriting wu-ftpd version 2.4 and earlier allows a remote user to overwrite or rename arbitrary files (i.e., regardless of file permissions) using the RNFR command.

    Fix:Upgrade to the most current version of wu-ftpd to eliminate this and possibly other security vulnerabilities in the software.

    CVE-1999-0081
    WebWho+ webwho.pl remote command execution Tony Greenwood WebWho+ versions 1.1 and earlier contain an input filtering error in the whois scripting that allows a remote attacker to execute commands on the host through the use of shell metacharacters in the "type" (TLD) parameter.

    Fix:Upgrade to the most current version of WebWho+ to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2000-0010
    BizDB bizdb1-search.cgi remote command execution CNC Technology BizDB search script (bizdb1-search.cgi) version 1.0 and earlier contains an unchecked open() call to which the value of the dbname form parameter is passed, allowing a remote attacker to execute arbitrary commands on the host.

    Fix:Upgrade to the most current version of the BizDB product to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2000-0287
    Moby NetSuite long URL buffer overflow Moby NetSuite 1.02 and earlier is susceptible to a buffer overflow when attempting to handle a long URL that will cause the server to crash, and may allow a remote attacker to execute malicious code on the host.

    Fix:Upgrade to the most current version of NetSuite to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-0275
    RPC rwalld service The rwalld service is running. This service has had a long history of serious vulnerabilities. One such vulnerability permits an attacker to spoof messages to users currently operating in a shell environment on this server. Several versions of rwalld contain remotely exploitable buffer overflows and format bugs that can be exploited to gain remote root access to any vulnerable rwalld server.

    Fix:To ensure the integrity of your network we recommend that you disable or remove this service.

    CVE-2002-0573
    CVE-1999-0181
    RPC rpc.yppasswdd service The rpc.yppasswdd service is running. Several versions of the yppasswdd RPC service contain buffer overflow vulnerabilities that can be exploited by a remote attacker to execute code under the context of the root user.

    Fix:We recommend disabling this service due to its vulnerable nature. If you do not wish to disable this service, obtain and install the latest version from your vendor.

    CVE-2001-0779
    RPC cachefsd service Multiple versions of the cachefsd RPC service contain a heap overflow vulnerability that can be used by remote attackers to execute arbitrary code via a request with a long directory and cache name.

    Fix:We recommend disabling this service due to its vulnerable nature. If you do not wish to disable the service, obtain and install the latest version from your vendor.

    CVE-2002-0084
    CVE-2002-0033
    YoungZSoft CMailServer USER buffer overflow YoungZSoft CMailServer 3.30 and earlier is susceptible to a buffer overflow when supplied with a very long USER argument. A remote attacker can exploit this vulnerability to execute arbitrary code on the mail server.

    Fix:Upgrade to the most current version of YoungZSoft CMailServer to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2002-0799
    MDaemon SMTP HELO buffer overflow vulnerability Alt-N Technologies MDaemon 2.8.5 and earlier exhibits a buffer overflow condition when attempting to handle a long SMTP HELO command. A remote attacker could exploit this vulnerability to cause a denial of service, or possibly arbitrary code execution.

    Fix:Upgrade to the most current version of MDaemon to eliminate this and possibly other security vulnerabilities in the product.

    CVE-1999-0284
    MDaemon POP3 long USER buffer overflow Alt-N Technologies MDaemon 3.1 beta and earlier is prone to a buffer overflow in its POP3 service resulting from a long USER command. A remote attacker may exploit this vulnerability to cause a denial of service, or perhaps even arbitrary code execution.

    Fix:Upgrade to the most current version of MDaemon to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2000-0399
    MDaemon SMTP long command buffer overflow Alt-N Technologies MDaemon 3.5.0 and earlier is vulnerable to a buffer overflow in its SMTP service upon receiving a very long command followed by a CR/LF. An attacker can exploit this flaw to crash a remote host, or to possibly execute malicious code.

    Fix:Upgrade to the most current version of MDaemon to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0064
    MDaemon POP3 long command buffer overflow Alt-N Technologies MDaemon 3.5.0 and earlier is vulnerable to a buffer overflow in its POP3 service upon receiving a very long command followed by a CR/LF. An attacker can exploit this flaw to crash a remote host, or to possibly execute malicious code.

    Fix:Upgrade to the most current version of MDaemon to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0064
    MDaemon IMAP long command buffer overflow Alt-N Technologies MDaemon 3.5.0 and earlier is vulnerable to a buffer overflow in its IMAP service upon receiving a very long command followed by a CR/LF. An attacker can exploit this flaw to crash a remote host, or to possibly execute malicious code.

    Fix:Upgrade to the most current version of MDaemon to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0064
    MDaemon IMAP long SELECT / EXAMINE buffer overflow The IMAP service provided in Alt-N Technologies MDaemon 3.5.6 and earlier exhibits a buffer overflow when processing long SELECT and EXAMINE commands. If either one is issued with more than about 250 characters, an overrun and subsequent crash results.

    Fix:Upgrade to the most current version of MDaemon to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2001-0584
    Inetserv Webmail long GET request buffer overflow A-V Tronics Inetserv 3.0 and earlier experiences a buffer overflow when trying to handle a long GET request (about 530 characters or longer), and as a result, a remote attacker can issue a specially-crafted request to execute arbitrary code on the host.

    Fix:Upgrade to the most current version of Inetserv to eliminate this and possibly other security vulnerabilities in the software, or as a temporary workaround, disable the Webmail interface.

    CVE-2000-0065
    Inetserv Webmail authentication buffer overflow A-V Tronics Inetserv versions prior to 3.2.3 are susceptible to a buffer overflow when the Webmail service is supplied with a long HTTP authentication string. A remote attacker can exploit this vulnerability to execute arbitrary code on the mail server.

    Fix:Upgrade to the most current version of Inetserv to eliminate this and possibly other security vulnerabilities in the software, or as a temporary workaround, disable the Webmail interface.

    CVE-2001-1294
    Icecast print_client() format string vulnerability Icecast server versions prior to 1.3.9 contain a format string vulnerability in the print_client() function that a remote attacker can exploit using a specially-crafted user agent name to cause the execution of arbitrary code on the host.

    Fix:Upgrade to the most current version of Icecast to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-0197
    Icecast long GET buffer overflow Icecast server versions 1.3.11 and earlier experience a buffer overflow when handling a specially-crafted, long GET request URL. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the Icecast server process.

    Fix:Upgrade to the most current version of Icecast to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2002-0177
    Icecast 1.3.8 Multiple Buffer Overflows Icecast server versions before 1.3.9 contain numerous unspecified buffer overflow vulnerabilities that a remote attacker could exploit to cause a denial-of-service or execute arbitrary code.

    Fix:Upgrade to the most current version of Icecast to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-1229
    Icecast 1.3.9 Multiple Buffer Overflows Icecast server versions prior to 1.3.10 contain multiple unspecified buffer overflow vulnerabilities that a remote attacker could exploit to cause a denial-of-service or execute arbitrary code.

    Fix:Upgrade to the most current version of Icecast to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-1230
    MDAC Remote Data Services Detected Retina has detected Microsoft Data Access Components (MDAC) Remote Data Services (RDS) is enabled and remotely accessible. MDAC RDS is historically known to contain vulnerabilities that could allow remote attackers to compromise the overall integrity and confidentiality of the web server.

    Fix:This is a security-related warning. Ensure that MDAC RDS is at the most current version level, that all appropriate security fixes are installed, and that access is properly restricted. Alternatively, if not explicitly needed for web services or applications, consider uninstalling or unmapping RDS from the Internet Services Manager.

    rexec service This service allows a user to remotely execute commands. Rexec is often implemented with cleartext authentication in place. An attacker with access to the local network segment may be able to compromise this server by sniffing traffic destined to this service.

    Fix:We recommend disabling this service.
    Linux: You can disable this service by commenting out its entry in the inetd.conf file located in the /etc directory.
    Windows: You can disable this service through the "services.msc" snap-in.

    CVE-1999-0618
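    Several entries on this page (rexec above, and the rwalld, rpc.yppasswdd, cachefsd and rpc.ypupdated services) end with the same advice: disable the service, which on Linux and BSD systems means commenting out its line in /etc/inetd.conf. The following is an added example, not part of the original catalog, that applies that change to the configuration text and verifies the result. The service list, the sample inetd.conf and the Solaris-style "walld/1" RPC entry are constructed for the demonstration.

```python
"""Comment out dangerous inetd(8) services in an inetd.conf text.

Added example (not part of the original scanner catalog). It operates on the
configuration text only, so it can be run against a copy first; the caller
writes the result back and sends inetd a SIGHUP to reload it.
"""

# Services the catalog recommends disabling (rexec, rwalld, yppasswdd,
# cachefsd, ypupdated) plus the two other r-services that share rexec's
# cleartext design. This set is an assumption for the example; adjust to taste.
DEFAULT_SERVICES = {"exec", "login", "shell", "walld",
                    "yppasswdd", "cachefsd", "ypupdated"}


def service_name(line):
    """Return the inetd service name of a config line, or None.

    The first whitespace-separated field is the service. RPC services in a
    Solaris-style inetd.conf look like 'walld/1', so the version suffix is
    stripped. Blank lines and comments yield None.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    first = stripped.split()[0]
    return first.split("/")[0]


def disable_services(conf_text, services=DEFAULT_SERVICES):
    """Return (new_text, disabled): the edited text and the services found.

    Matching lines are prefixed with '#', which is how the "comment out its
    entry" fix on this page is applied. Already-commented lines are left alone.
    """
    out = []
    disabled = []
    for line in conf_text.splitlines(keepends=True):
        name = service_name(line)
        if name in services:
            out.append("#" + line)
            disabled.append(name)
        else:
            out.append(line)
    return "".join(out), disabled


def still_enabled(conf_text, services=DEFAULT_SERVICES):
    """Post-change check: which of the target services remain active."""
    names = {service_name(l) for l in conf_text.splitlines()}
    return sorted(names & set(services))


# Constructed sample inetd.conf for the demonstration.
SAMPLE_CONF = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
exec    stream  tcp     nowait  root    /usr/sbin/tcpd  in.rexecd
walld/1 tli     rpc/datagram_v  wait    root    /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
"""

if __name__ == "__main__":
    new_conf, disabled = disable_services(SAMPLE_CONF)
    print(new_conf)
    print("disabled:", disabled)
    print("still enabled:", still_enabled(new_conf))
```

    After writing the edited file back, inetd has to be told to re-read it (a SIGHUP to the inetd process); until then the services keep listening, and a re-scan will still flag the host.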
    ZBServer Pro long GET buffer overflow ZBServer Pro 1.50-R17 and earlier is susceptible to a buffer overflow when attempting to handle a long GET request (766 characters or more). A remote attacker could exploit this vulnerability to execute malicious code in the context of the web server.

    Fix:Upgrade to the most current version of ZBServer Pro to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2000-0002
    RPC rpc.ypupdated service The rpc.ypupdated service is running. Various versions of the rpc.ypupdated service do not enforce strong authentication. In combination with the lack of input filtering, older versions of rpc.ypupdated can be exploited remotely by an attacker to gain root access.

    Fix:Upgrade to the current version of rpc.ypupdated from your vendor, or if this service is unnecessary, remove or disable it following your vendor's directions.

    CVE-1999-0208
    Pi3Web ISAPI sample buffer overflow vulnerability The sample ISAPI extension (TstISAPI.dll) included in Pi3.org Pi3Web 1.0.1 and earlier exhibits a buffer overflow when attempting to handle a long request, which a remote attacker can exploit to execute arbitrary code on the web server. For versions of Pi3Web after 1.0.1 this may be a false positive, as the TstISAPI.dll vulnerability has since been fixed.

    Fix:Remove the /isapi/tstisapi.dll sample ISAPI extension, or upgrade to the most current version of Pi3Web.

    CVE-2001-0302
    Apache Tomcat servlet cross-site scripting vulnerability Apache Tomcat 4.0.3 and earlier does not properly sanitize user input when displaying an exception message in response to an invalid servlet request, providing a means of launching cross-site scripting attacks against users of the vulnerable server.

    Fix:Upgrade to the most current version of Apache Tomcat to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2002-0682
    SunFTP long command buffer overflow vulnerability Rasmus J.P. Allenheim's SunFTP build 9 and earlier experiences a buffer overflow upon receiving a long (2KB or more) command. A remote, unauthenticated attacker could exploit this vulnerability to crash the FTP server or execute arbitrary code on it.

    Fix:SunFTP has been discontinued by the author; therefore, no vendor-supplied fixes are available for this issue. It is recommended that you switch to more current FTP server software with a support system in place.

    CVE-2000-0856
    SunFTP directory traversal vulnerability Rasmus J.P. Allenheim's SunFTP build 9 and earlier allows remote users to access files and directories outside the designated FTP root by using .. sequences in a relative path supplied to any of a number of commands, including GET, PUT, MKDIR, and RMDIR.

    Fix:SunFTP has been discontinued by the author; therefore, no vendor-supplied fixes are available for this issue. It is recommended that you switch to more current FTP server software with a support system in place.

    CVE-2001-0283
    Debian ProFTPD root privilege retention Debian ProFTPd versions prior to 1.2.0pre10-2.0potato1 improperly retains the "run as uid/gid root" configuration option when anonymous access is enabled, even though the expected behavior is to replace this option with "run as uid/gid nobody".

    Fix:Upgrade to the most current version of ProFTPD to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-0456
    Apache Win32 shell metacharacter command execution Apache for Win32 versions before 1.3.24, and 2.0.x versions before 2.0.34-beta, allow the execution of arbitrary commands on the web server through the use of the pipe shell metacharacter in arguments sent to batch files (.bat) or command scripts (.cmd).

    Fix:Upgrade to the most current version of Win32 Apache to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2002-0061
    FtpXQ long directory name buffer overflow DataWizard Technologies FtpXQ 2.5 and earlier experiences a buffer overflow when a long directory name (255 or more characters) is supplied with the MKD command. This vulnerability can be exploited to crash the FTP server, or possibly to execute code.

    Fix:Upgrade to the most current version of FtpXQ to eliminate this and possibly other security vulnerabilities in the software.

    SQL 2000 DBCC SourceDB buffer overflow The Database Console Command (DBCC) in Microsoft SQL Server 2000 SP2 and earlier is susceptible to a buffer overflow involving a long SourceDB argument in a non-SQL data source. An authenticated user could exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2002-1137
    SQL 2000 text formatting function buffer overflows Microsoft SQL Server 2000 SP1 and earlier contains buffer overflow vulnerabilities in the raiserror(), formatmessage(), and xp_sprintf() functions, that an unprivileged user could exploit to execute arbitrary code in the context of the SQL server.

    Fix:Install SQL Server 2000 Service Pack 2.

    CVE-2001-0542
    SQL 2000 xp_displayparamstmt buffer overflow Microsoft SQL Server 2000 (pre-SP) is susceptible to a buffer overflow in the srv_paraminfo function that can be triggered by indirectly passing a long parameter to the function via the xp_displayparamstmt extended stored procedure. An attacker can exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2000-1081
    SQL 2000 xp_enumresultset buffer overflow Microsoft SQL Server 2000 (pre-SP) is susceptible to a buffer overflow in the srv_paraminfo function that can be triggered by indirectly passing a long parameter to the function via the xp_enumresultset extended stored procedure. An attacker can exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2000-1082
    SQL 2000 xp_showcolv buffer overflow Microsoft SQL Server 2000 (pre-SP) is susceptible to a buffer overflow in the srv_paraminfo function that can be triggered by indirectly passing a long parameter to the function via the xp_showcolv extended stored procedure. An attacker can exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2000-1083
    SQL 2000 xp_updatecolvbm buffer overflow Microsoft SQL Server 2000 (pre-SP) is susceptible to a buffer overflow in the srv_paraminfo function that can be triggered by indirectly passing a long parameter to the function via the xp_updatecolvbm extended stored procedure. An attacker can exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2000-1084
    SQL 2000 xp_peekqueue buffer overflow Microsoft SQL Server 2000 (pre-SP) is susceptible to a buffer overflow in the srv_paraminfo function that can be triggered by indirectly passing a long parameter to the function via the xp_peekqueue extended stored procedure. An attacker can exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2000-1085
    SQL 2000 xp_printstatements buffer overflow Microsoft SQL Server 2000 (pre-SP) is susceptible to a buffer overflow in the srv_paraminfo function that can be triggered by indirectly passing a long parameter to the function via the xp_printstatements extended stored procedure. An attacker can exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2000-1086
    SQL 2000 xp_proxiedmetadata buffer overflow Microsoft SQL Server 2000 (pre-SP) is susceptible to a buffer overflow in the srv_paraminfo function that can be triggered by indirectly passing a long parameter to the function via the xp_proxiedmetadata extended stored procedure. An attacker can exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2000-1087
    SQL 2000 xp_SetSQLSecurity buffer overflow Microsoft SQL Server 2000 (pre-SP) is susceptible to a buffer overflow in the srv_paraminfo function that can be triggered by indirectly passing a long parameter to the function via the xp_SetSQLSecurity extended stored procedure. An attacker can exploit this vulnerability to execute arbitrary code in the context of the SQL server.

    Fix:Install the latest SQL Server 2000 Service Pack.

    CVE-2000-1088
    3CDaemon FTP long command buffer overflow The FTP server component of 3Com's 3CDaemon version 2.0 (revision 10) and earlier experiences a buffer overflow when attempting to handle a command longer than 400 characters. An unauthenticated remote attacker can exploit this condition to execute malicious code on the server.

    Fix:Upgrade to the most current version of 3CDaemon to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2002-0606
    Sendmail Address Field Parsing Buffer Overflow Sendmail 8.12.7 and earlier contains a flaw in its message header address field parsing routine that can be leveraged to cause a buffer overflow. A remote attacker can exploit this vulnerability, using a specially-crafted "From", "To", or "CC" header, to execute arbitrary code in the context of the sendmail daemon. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

    Fix:Upgrade to the most current version of Sendmail, or apply the appropriate vendor-provided patch.

    CVE-2002-1337
    HP JetDirect telnet password disabled The remote host was found to be an HP JetDirect device with the telnet password disabled. A malicious user could set the password, giving himself exclusive administrative access to the device.

    Fix:Enable the password by establishing a telnet connection to the host, then typing "passwd" at the prompt.

    CVE-2001-1039
    CVE-1999-1061
    uploader.php may allow scripts to be uploaded PHP Script Center Uploader (uploader.php) version 1.1 may allow a remote user to upload scripts to the server and execute them from the /uploads directory, possibly leading to the complete compromise of the server.

    Fix:Upgrade to the most current version of Uploader, and enable password protection on the upload form.

    phpMyShop SQL injection vulnerability phpMyTools phpMyShop versions prior to 1.40 contain an SQL injection vulnerability in the compte.php script that would allow a user to bypass the authentication process and possibly execute commands via SQL.

    Fix:Upgrade to the most current version of phpMyShop to eliminate this and possibly other security vulnerabilities in the product. If you are running phpMyShop 1.40 or later, this alert is a false positive.

    Wordit Logbook arbitrary command execution Wordit Logbook Classic 0.98b3 and earlier allows users to read arbitrary files and execute commands by supplying a specially-crafted "file" parameter.

    Fix:Upgrade to a later version of Wordit Logbook than 0.98b3 when it becomes available. As a temporary workaround, it is recommended that you restrict access to logbook.pl, or remove the file entirely.

    DeleGate robots.txt buffer overflow The HTTP proxy service in DeleGate versions prior to 8.5.0 experiences a buffer overflow when processing a robots.txt file with a large number of "User-agent" directives. A remote attacker could execute arbitrary code on the machine running DeleGate by hosting a malicious /robots.txt on a web server and then requesting it via the DeleGate HTTP proxy service.

    Fix:Upgrade to the most current version of DeleGate to eliminate this and possibly other security vulnerabilities present in the software.

    Qpopper macro name buffer overflow QUALCOMM Qpopper 4.0.4 and earlier is susceptible to a buffer overflow via the "MDEF" POP3 command. By providing a long macro name parameter, an authenticated user can cause an improper amount of string data to be copied to a buffer, possibly leading to the execution of arbitrary code in the context of the mail server.

    Fix:Upgrade to a more current version of Qpopper when it becomes available in order to eliminate this security vulnerability.

    CVE-2003-0143
    Upload Lite arbitrary file upload and execution PerlScriptsJavaScripts.com Upload Lite 3.22 and earlier allows a user to create and run an arbitrary script upon the server by uploading two files with the same name, then executing the temporary file that remains from the upload process. Exploitation of this vulnerability allows the user to evade file size and type restrictions.

    Fix:Upgrade to a more current version of the script when it becomes available.

    Sendmail prescan() address buffer overflow Sendmail 8.12.8 and earlier contains a buffer overflow vulnerability in its handling of e-mail addresses that can be precipitated by the use of a special character value. An attacker can exploit this vulnerability to execute arbitrary code in the context of the mail server. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

    Fix:Upgrade to the most current version of Sendmail, or apply the appropriate vendor-supplied patch.

    CVE-2003-0161
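    The three Sendmail entries on this page (the debugger, address field parsing and prescan() audits) all carry the same caveat: the check reads the version out of the SMTP greeting, so a vendor package that backports the fix without bumping the advertised version is reported as vulnerable. The following added example, not eEye/Retina code, reproduces that style of check so the false-positive mechanism is visible. The thresholds are the "8.12.7 and earlier" and "8.12.8 and earlier" figures from the two entries above; the sample greetings are constructed.

```python
"""Banner-based Sendmail version check (added example, not Retina's code)."""
import re

# Thresholds from the two entries on this page that give a version.
# (cve, description, highest vulnerable version)
SENDMAIL_CHECKS = [
    ("CVE-2002-1337", "address field parsing buffer overflow", (8, 12, 7)),
    ("CVE-2003-0161", "prescan() address buffer overflow", (8, 12, 8)),
]

# Matches the 'Sendmail 8.12.8/8.12.8' part of a default greeting.
_BANNER_RE = re.compile(r"\bSendmail (\d+(?:\.\d+)+)")


def parse_version(banner):
    """Extract the Sendmail version tuple from a 220 greeting, or None.

    None is returned when the banner does not advertise Sendmail (for example
    when the greeting was customised), so the caller can report 'unknown'
    rather than 'clean'.
    """
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def version_le(found, max_vulnerable):
    """Numeric tuple comparison; a string compare ranks 8.12.10 below 8.12.8."""
    return found <= max_vulnerable


def check_sendmail_banner(banner):
    """Return a list of (cve, description) findings for the banner.

    An empty list with a parsed version means 'not flagged'; None means the
    version could not be read and the audit is inconclusive. A non-empty list
    is a banner match only: a backported vendor fix keeps the old version
    string, so confirm against the package or patch level before acting.
    """
    ver = parse_version(banner)
    if ver is None:
        return None
    return [(cve, desc) for cve, desc, max_v in SENDMAIL_CHECKS
            if version_le(ver, max_v)]


# Constructed sample greetings.
SAMPLE_BANNERS = {
    "old": "220 mx.example.test ESMTP Sendmail 8.12.7/8.12.7; Mon, 3 Mar 2003 10:00:00 -0500",
    "mid": "220 mx.example.test ESMTP Sendmail 8.12.8/8.12.8; Mon, 31 Mar 2003 10:00:00 -0500",
    "new": "220 mx.example.test ESMTP Sendmail 8.12.10/8.12.10; Mon, 1 Sep 2003 10:00:00 -0400",
    "hidden": "220 mx.example.test ESMTP ready",
}

if __name__ == "__main__":
    for label, banner in SAMPLE_BANNERS.items():
        print(label, parse_version(banner), check_sendmail_banner(banner))
```

    Two details are worth keeping when reusing this: compare versions as integer tuples, not strings, and treat "no version in the banner" as an inconclusive result rather than a clean one.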
    paFileDB SQL injection vulnerability PHP Arena's paFileDB 3.1 and earlier allows a remote user to perform arbitrary database operations by placing SQL into the 'id' or 'rating' variables. In the worst case, this vulnerability may be exploited to execute commands in the context of the SQL server.

    Fix:eEye is currently unaware of a vendor-supplied solution for this vulnerability. Please contact the vendor for information on updates or workarounds.
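    The phpMyShop (compte.php) and paFileDB entries describe the two common shapes of SQL injection: a quoted string parameter used for authentication, and a numeric id parameter pasted into the query. The following added example, not code from either product (they are PHP; Python with sqlite3 is used here so the example runs stand-alone), shows each flaw next to its parameterised fix. The users and files tables, credentials and payloads are constructed for the demonstration.

```python
"""SQL injection: vulnerable concatenation next to the bound-parameter fix.

Added example; not phpMyShop, paFileDB or InstaBoard code.
"""
import sqlite3


def make_db():
    """Constructed in-memory schema standing in for a shop/file-database app."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'correct-horse')")
    conn.execute("INSERT INTO users VALUES (2, 'alice', 'hunter2')")
    conn.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, name TEXT, rating INTEGER)")
    conn.executemany("INSERT INTO files VALUES (?, ?, ?)",
                     [(1, "a.zip", 3), (2, "b.zip", 5)])
    return conn


def vulnerable_login(conn, login, password):
    """compte.php-style flaw: user input concatenated into the query text.

    A password of  ' OR '1'='1  turns the WHERE clause into
    (login='x' AND pw='') OR '1'='1', which is true for every row, so the
    first user (the administrator here) is 'authenticated'.
    """
    sql = "SELECT id FROM users WHERE login='%s' AND pw='%s'" % (login, password)
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn, login, password):
    """Same query with bound parameters; the quote in the payload stays data."""
    row = conn.execute("SELECT id FROM users WHERE login=? AND pw=?",
                       (login, password)).fetchone()
    return row[0] if row else None


def vulnerable_file_lookup(conn, file_id):
    """paFileDB-style flaw: the 'id' form variable pasted in unquoted.

    No quote is needed to inject here; '1 OR 1=1' returns every row.
    """
    sql = "SELECT name FROM files WHERE id=" + file_id
    return [r[0] for r in conn.execute(sql).fetchall()]


def safe_file_lookup(conn, file_id):
    """Validate the type first, then bind; anything non-numeric is rejected."""
    try:
        fid = int(file_id)
    except ValueError:
        return []
    rows = conn.execute("SELECT name FROM files WHERE id=?", (fid,)).fetchall()
    return [r[0] for r in rows]


def demo():
    """Run both payloads against both versions; returns a result dict."""
    conn = make_db()
    bypass_pw = "' OR '1'='1"
    bypass_id = "1 OR 1=1"
    return {
        "vulnerable_login": vulnerable_login(conn, "x", bypass_pw),
        "safe_login": safe_login(conn, "x", bypass_pw),
        "vulnerable_lookup": vulnerable_file_lookup(conn, bypass_id),
        "safe_lookup": safe_file_lookup(conn, bypass_id),
    }


if __name__ == "__main__":
    print(demo())
```

    The fix is the same in PHP as here: never build the statement from request data, bind values as parameters, and for numeric fields cast before binding so a value such as "1 OR 1=1" is rejected outright.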

    FrontPage 98 Link View Component buffer overflow Microsoft FrontPage 98 Server Extensions includes a link view server-side component (dvwssr.dll) which is susceptible to a buffer overflow. A remote user able to access the DLL can exploit this vulnerability in order to execute code in the context of the web server.

    Fix:Remove all web-accessible instances of the file dvwssr.dll unless it is explicitly needed by the users on the server, since the file's only functionality is to generate link views for Visual InterDev 1.0.

    CVE-2000-0260
    Bugbear infection detected Retina has detected that the scanned host is infected with an active instance of Bugbear worm. A malicious user can remotely control the host while Bugbear is running, allowing him to download and modify files, and view a log of keystrokes typed by users at the machine.

    Fix:Install up-to-date antivirus software on the host and remove the Bugbear worm immediately.

    To clean the host manually:
    Check for suspicious executable files in all users' "Start Menu\Programs\Startup" directory, as well as executables referenced in the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" registry key. Copies of the Bugbear worm executable are typically 50KB in size and are named with three or four random letters, followed by ".exe".

    Kill any active processes with the same name as any of the suspicious executables, then delete the corresponding files (or rename them to have a non-executable extension), and remove the suspicious values in the RunOnce registry key.

    Hyperion FTP Server multiple buffer overflows Mollensoft's Hyperion FTP Server 3.0 and earlier contains a number of vulnerabilities that a remote attacker can exploit in order to execute arbitrary code in the context of the FTP server. Submitting a command or eliciting a response of roughly 1000 characters will cause a buffer overflow in the underlying Mabry Socket control.

    Fix:eEye is currently unaware of a vendor-supplied solution for these vulnerabilities. Please contact the vendor for information on updates or workarounds.

    Brocade switch SNMP vulnerabilities Versions of the Brocade firmware up to and including 2.6.0d contain a number of SNMP vulnerabilities that can be exploited to cause a denial-of-service condition for users of the router, and may allow a remote attacker to execute arbitrary code upon the device.

    Fix:Upgrade to the latest version of firmware to eliminate these vulnerabilities.

    CVE-2002-0013
    CVE-2002-0017
    InstaBoard 1.3 SQL injection vulnerability Pleasure Net Consulting Inc. InstaBoard 1.3 and earlier contains a number of SQL injection vulnerabilities in its form input variables. An unauthenticated remote attacker could exploit any of these vulnerabilities to corrupt or retrieve sensitive data, or possibly to execute arbitrary commands in the context of the SQL service.

    Fix:eEye is currently unaware of a vendor-supplied solution for these vulnerabilities. Please contact the vendor for information on updates or workarounds.

    Monkey HTTP Daemon POST buffer overflow Eduardo Silva's Monkey HTTP Daemon 0.6.1 and earlier contains a buffer overflow vulnerability in its handling of POST requests. By posting more than 10KB of data, an anonymous remote attacker can execute arbitrary code in the context of the HTTP daemon.

    Fix:Upgrade to the most current version of Monkey HTTPD to eliminate this vulnerability.

    CVE-2003-0218
    OpenBB multiple SQL injection vulnerabilities Iansoft Enterprises' Open Bulletin Board 1.1.0 and earlier contains a number of SQL injection vulnerabilities that a remote attacker may exploit to gain inappropriate access to the forum database, or possibly even execute arbitrary commands on the host.

    Fix:Since versions of OpenBB released under Iansoft no longer appear to be supported, we recommend migrating to bulletin board software that is actively supported by its developers.

    BadBlue Administrative Access BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access. This is due to an input validation issue in the 'ext.dll' component that could allow a remote attacker to cause '.hts' files to be interpreted by the server. This could lead to unauthorized execution of administrative commands.

    Fix:Upgrade to the most current version of BadBlue to eliminate this and possibly other security vulnerabilities in the product.

    FTGate Pro Mail Server is running Several vulnerabilities exist in older versions of FTGate Pro Mail Server. Many of these vulnerabilities can be exploited to gain remote access to Windows servers running FTGate Pro.

    Fix:Verify that you have the most recent version of FTGate Pro installed.

    PeopleSoft PeopleTools SchedulerTransfer Retina has detected the SchedulerTransfer servlet is active on this webserver. Several versions of PeopleSoft PeopleTools "SchedulerTransfer" servlet contain a serious vulnerability in input sanitization that can be exploited to execute commands.

    Fix:Verify that you have the most recent version of this servlet installed and if you are not currently using it, disable it.

    CVE-2003-0104
    Netscape Enterprise 3.6 GET buffer overflow By sending a very long GET request to the server, an attacker could cause a buffer to overflow, thus overwriting the stack. A specially crafted request could be used to execute arbitrary code on the server.

    Note: This audit may report false findings on devices such as Cisco ACS that contain FastTrack as an embedded web server. Though fixes may be backported into the since rebranded FastTrack software, it is recommended that the device be manually audited and the appropriate vendor contacted to ensure the device is secure.

    Fix:We recommend that you upgrade to a more recent version of the Netscape Enterprise web server. Currently Netscape Enterprise is maintained by Sun Microsystems as Sun One.

    CVE-1999-0744
    Netscape Enterprise 3.6 Basic Authentication Buffer Overflow A buffer overflow affecting Netscape Enterprise 3.6 SP2 and prior can be exploited by carefully crafting an HTTP request with an overly long username parameter.

    Fix:We recommend that you upgrade to a more recent version of the Netscape Enterprise web server. Currently Netscape Enterprise is maintained by Sun Microsystems as Sun One.

    CVE-1999-0853
    Sun AnswerBook2 Gettransbitmap Buffer Overflow Retina has detected the gettransbitmap cgi helper application is accessible on this webserver. Older versions of this application contain a buffer overflow vulnerability in the parsing of a filename query variable.

    Fix:We recommend that you remove or disable this helper application if you are not currently using it.

    CVE-2002-0360
    X Windows Server Access Control Disabled Access control for this X Windows server is disabled; currently anyone can connect to it. An attacker can use this weakness to record the keystrokes of active X clients.

    Fix:Use xauth or MIT cookies to restrict access to this X server.

    CVE-1999-0526
    Back Orifice detected Retina has detected that the scanned host is running a default configuration of the Back Orifice remote administration server. Back Orifice is typically used as a remote administration trojan by attackers wishing to take control of a victim's machine, or to obtain an entry point into a network.

    Because this Back Orifice server has not been configured, any number of malicious users with network access to the host may have discovered the active server and used it to perform hostile actions against the machine, or any networks on which it is located.

    Fix:Remove the Back Orifice server immediately if its presence on the host is not authorized.

    To remove Back Orifice:

  • Open Regedit, and go to the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices" key.
  • The (default) value should indicate the name of the Back Orifice server executable. Remove the registry value, then reboot and delete the executable as well.
  • Because an attacker may have taken additional steps to compromise the host, it is recommended that you download up-to-date anti-virus software and scan this machine before using it further.

    Lotus Domino LDAP service buffer overflow A buffer overflow vulnerability in the implementation of the LDAP protocol can be exploited by a remote attacker to execute code within the context of the Lotus Domino Server.

    Fix:Upgrade to the most current version of Lotus Domino to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2001-1311
    Lotus Domino HTTP Redirect buffer overflow A buffer overflow vulnerability in the construction of an HTTP redirect response can be exploited by a remote attacker to execute code within the context of the Lotus Domino Server.

    Fix:Upgrade to the most current version of Lotus Domino to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2003-0178
    Lotus Domino iNotes s_ViewName/Foldername buffer overflow A buffer overflow vulnerability in the handling of client-supplied request parameters can be exploited by a remote attacker to execute code within the context of the Lotus Domino Server.

    Fix:Upgrade to the most current version of Lotus Domino to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2003-0178
    Lotus Domino SMTP server MAIL FROM buffer overflow A buffer overflow vulnerability in the handling of the "MAIL FROM:" field can be exploited by a remote attacker to execute code within the context of the Lotus Domino SMTP Server.

    Fix:Upgrade to the most current version of Lotus Domino to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2000-1047
    Lotus Domino CGI error handling buffer overflow Lotus Domino version 4.6 exhibits a buffer overflow vulnerability in its handling of requests for nonexistent files in the cgi-bin web directory.

    Fix:Upgrade to the most current version of Lotus Domino to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2000-0023
    Samba trans2open buffer overflow Samba versions 2.0.0 through 2.2.8 contain a buffer overflow vulnerability in the call_trans2open function that can be exploited by a remote attacker to execute code within the context of Samba server.

    Fix:Upgrade to the most current version of Samba to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2003-0201
    Samba packet reassembly buffer overflow Samba 2.0x versions prior to 2.2.8 contain a buffer overflow vulnerability in SMB/CIFS packet reassembly that can be exploited by a remote attacker to execute code within the context of Samba server.

    Fix:Upgrade to the most current version of Samba to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2003-0085
    Samba multiple buffer overflows Multiple unspecified buffer overflows have been discovered in Samba version 2.0 through 2.2.8, and in Samba-TNG versions 0.3.1 and earlier. Reportedly, these vulnerabilities can be exploited by a remote attacker in order to execute arbitrary code on a susceptible Samba server.

    Fix:Upgrade to the most current version of Samba to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2003-0196
    Lotus Domino COM object control handler buffer overflow A buffer overflow vulnerability in the handling of a COM object control can be exploited by a remote attacker to execute code within the context of the Lotus Domino Server.

    Fix:Upgrade to the most current version of Lotus Domino to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2003-0179
    RealServer memory contents disclosure RealServer 5.0 through 7.0 could allow a remote attacker to obtain memory contents, possibly including cookies, user names, passwords, etc.

    Fix:Upgrade to the most current version of RealServer to eliminate this and possibly other security vulnerabilities in the software.

    CVE-2000-1181
    Cisco VPN 3000 Concentrator authentication bypass Cisco VPN 3000 Concentrator devices, when running certain versions of IOS up to and including 2.5.2, allow VPN clients to access the network using PPTP or IPSEC user authentication when the device is configured to use internal authentication with only group accounts.

    Fix:Apply the most current software upgrades available for the affected device.

    CVE-2002-1092
    Cisco HTML parser processing vulnerability Cisco VPN 3000 series concentrators are vulnerable to a denial of service attack vulnerability that can be triggered by supplying the HTTP server with an abnormally large URL within a client request.

    Fix:Upgrade to a more recent IOS version and restrict access to the HTTP interface to trusted clients.

    CVE-2002-1093
    Cisco VPN 3000 Concentrator user password disclosure The remote Cisco VPN concentrator discloses the passwords of its users in the source HTML of its embedded web server.

    Fix:Please visit the link included with this audit for information on eliminating this vulnerability.

    CVE-2002-1096
    Cisco VPN 3000 Concentrator ISAKMP multiple vulnerabilities The scanned VPN Concentrator is subject to several vulnerabilities in ISAKMP packet processing. These vulnerabilities can be exploited to execute arbitrary code within the context of the device, or in other cases, reboot the device.

    Fix:Please visit the link included with this audit for information on eliminating these vulnerabilities.

    CVE-2002-1103
    Cisco IOS multiple SIP vulnerabilities Multiple Cisco products contain vulnerabilities in the processing of Session Initiation Protocol (SIP) INVITE messages. These vulnerabilities can be exploited to render the remote device unresponsive and in some conditions an attacker may be able to execute arbitrary code on the vulnerable device.

    Fix:Please visit the link included with this audit for information on eliminating these vulnerabilities.

    Cisco VPN 3000 Concentrator certificate password disclosure The remote Cisco VPN concentrator discloses certificate passwords in the source HTML of its embedded web server.

    Fix:Please visit the link included with this audit for information on eliminating this vulnerability.

    CVE-2002-1097
    Cisco VPN 3000 Concentrator IPSEC tunnel vulnerability This Cisco VPN 3000 series concentrator does not correctly handle LAN-to-LAN tunneling communications. Vulnerabilities discovered may be used to bypass access control restrictions currently in place.

    Fix:Please visit the link included with this audit for information on eliminating these vulnerabilities.

    CVE-2002-1102
    Cisco IOS OSPF neighbor announcement buffer overflow Cisco devices running certain versions of Cisco IOS from 11.1.x through 12.0.x are susceptible to a buffer overflow when more than 255 OSPF (Open Shortest Path First) neighbor announcements are received on an interface. A remote attacker can exploit this vulnerability to cause a denial-of-service condition, or possibly even execute arbitrary code, on the affected device.

    Fix:Upgrade to the latest version of Cisco IOS to eliminate this vulnerability. The following versions are the earliest fixed releases available:

  • 12.0(19)S
  • 12.0(19)ST
  • 12.1(1)
  • 12.1(1)DB
  • 12.1(1)DC
  • 12.1(1)T

    CVE-2003-0100
    Cisco Catalyst HTTP buffer overflow Cisco Catalyst devices running certain versions of Cisco CatOS from 5.4 through 7.4 contain a buffer overflow in the embedded HTTP server. By sending an overly long HTTP query, a remote attacker can cause the device to crash, or to possibly execute arbitrary code.

    Fix:Upgrade to the latest version of CatOS to eliminate this vulnerability.

    CVE-2002-1222
    Cisco IOS ICMP redirect routing vulnerability Cisco devices running Cisco IOS software with IP routing disabled will accept any ICMP redirect packets received and modify its routing table accordingly. (Note that IP routing is enabled by default.) A remote attacker could exploit this vulnerability to disrupt the flow of traffic into and out of the network, and may possibly be able to conduct a "man-in-the-middle" style of attack against the users on the network, allowing packets to be intercepted, modified, and forwarded to their original destinations transparently.

    Fix:Upgrade to the most current version of Cisco IOS software available for the device, or as a temporary workaround, prevent the router from acting upon ICMP redirect packets by issuing the configuration command "no ip icmp redirect".

    CVE-2002-1222
    Windows RPC DCOM Interface Buffer Overflow Versions of Microsoft Windows platforms up to and including NT 4.0 SP6a, 2000 SP4, and XP SP1, as well as Windows Server 2003, contain a buffer overflow vulnerability in a Distributed Component Object Model (DCOM) interface accessible via RPC. By sending a specially-crafted packet to the susceptible host over any available RPC medium, a remote attacker can cause the execution of arbitrary code in the SYSTEM context.

    Fix:Install the appropriate Microsoft hotfix.

    CVE-2003-0352
    Sendmail 8.12.9 Buffer Overflow The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks. Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

    Fix:Upgrade to the latest version of Sendmail immediately.

    CVE-2003-0694
    OpenSSH PAM Implementation Multiple Vulnerabilities Multiple vulnerabilities exist within the OpenSSH PAM implementation, which may be remotely exploitable, allowing an attacker to execute arbitrary code and obtain root privileges. Note: this audit will continue to flag positive on 3.7.1p1, even if PAM has been configured.

    Fix:Upgrade to OpenSSH version 3.7.1p2 or disable PAM within the 'ssh_config' file.

    CVE-2003-0787
    wu-ftpd fb_realpath() Off-By-One Buffer Overflow A vulnerability exists within wu-ftpd, which affects the implementation of realpath(). This may allow for an attacker to execute arbitrary code in order to obtain root privileges. Note: as there are no versions of wu-ftpd with this vulnerability corrected and a source patch is the only method of fixing this, Retina will continue to alert for wu-ftpd, even after the patch has been applied.

    Fix:Apply the appropriate patch from the vendor.

    CVE-2003-0466
    Windows Messenger Service Buffer Overrun A buffer overrun vulnerability exists within the Microsoft Windows Messenger Service because it does not properly validate the length of the message before it is passed to an allocated buffer. This may allow for an attacker to remotely execute arbitrary code on a vulnerable machine.

    Fix:Install the appropriate hotfix or latest Service Pack.

    CVE-2003-0717
    Exchange XEXCH50 Buffer Overflow A buffer overrun vulnerability exists within the XEXCH50 extended verb in Exchange's SMTP implementation. This verb can be accessed without authentication, and a sophisticated attacker could inject a payload into the binary stream to run arbitrary code of their choice. Please note that even if Exchange is not installed, the system may still be vulnerable as a result of other SMTP services that use the same SMTP engine.

    Fix:Install the appropriate hotfix or latest Service Pack.

    CVE-2003-0714
    Apache 2.0.45 APR_PSPrintf Memory Corruption A memory corruption vulnerability exists within Apache version 2.0.45 and prior in the apr_psprintf() runtime library function, which may be exploited by an attacker through mod_dav or other components in order to execute arbitrary code.

    Fix:Upgrade to Apache version 2.0.46 or later.

    CVE-2003-0245
    Apache 2.0.43 MS-DOS Device Name DoS A denial of service vulnerability exists within Apache version 2.0.43 and prior when receiving GET requests that contain MS-DOS device names. This may allow an attacker to cause the service to stop responding and/or execute arbitrary code.

    Fix:Upgrade to the latest version of Apache.

    CVE-2003-0016
    BIND DNS Resolver Buffer Overflow A buffer overflow vulnerability exists within the BIND 4.9.10 resolver library, which is responsible for network name and address requests. This may allow an attacker to cause the service to stop responding.

    Fix:Upgrade to the current version of bind from the ISC website or your vendor.

    CVE-2002-0684
    CVE-2002-0029
    OpenSSL 0.9.7 Double-Free Buffer Overflow A buffer overflow vulnerability exists within OpenSSL 0.9.7 and prior, which do not properly check the number of characters in ASN.1 inputs. This may allow an attacker to cause the service to stop responding and/or execute arbitrary code.

    Fix:Upgrade to the latest version of OpenSSL.

    CVE-2003-0545
    CVE-2003-0544
    BRS Web Weaver 1.06 User-Agent DoS A denial of service vulnerability exists within BRS WebWeaver version 1.06 and prior when the server receives a request containing a large value for the User-Agent parameter. This may allow an attacker to cause the service to stop responding and/or execute arbitrary code.

    Fix:Upgrade to the latest version of Web Weaver.

    Oracle Reports Server Information Disclosure An information disclosure vulnerability exists within Oracle Reports Server: a request for /cgi-bin/rwcgi60 or /cgi-bin/rwcgi60/showenv may allow an attacker to obtain sensitive information regarding the targeted host.

    Fix:Upgrade to the latest patch.

    CVE-2003-0095
    FoxWeb PATH_INFO Buffer Overflow Retina has detected that the scanned host has foxweb.exe or foxweb.dll present. Multiple vulnerabilities exist within FoxWeb 2.5 and prior versions which may allow for an attacker to execute arbitrary code on the targeted host.

    Fix:Remove the files, or upgrade to the latest version of FoxWeb.

    CVE-2003-0762
    CCBill whereami.cgi Remote Command Execution A command execution vulnerability exists within CCBill whereami.cgi, which allows for an attacker to execute arbitrary commands on a remote host.

    Fix:It is recommended to delete this script.

    Jordan Windows Telnet Server Username Buffer Overflow A buffer overflow vulnerability exists within Jordan Windows Telnet server, which may allow for an attacker to cause the service to stop responding, and/or execute arbitrary code.

    Fix:Currently the vendor has not released a patch for this problem.

    MyDoom-MIMAIL.R Virus Remotely Detected Retina has found that the MIMAIL.R Virus has infected this machine. This mailer virus, which is also known as Mydoom and Novarg, propagates via both SMTP and peer-to-peer networks, installs a remote administration trojan on a TCP port in the range 3127 to 3198, and also attempts a Distributed-Denial-of-Service attack against www.sco.com.

    Fix:You should disconnect the affected machine from the network immediately, then follow the steps listed below in order to disinfect it.

    1. Delete the following registry value:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value name: "TaskMon"
    Value string: "%System%\taskmon.exe"

    PhotoPost PHP Pro showphoto.php SQL Injection A SQL injection vulnerability exists within PhotoPost PHP Pro which allows for an attacker to view or manipulate data on the targeted host.

    Fix:Upgrade to the latest version of PhotoPost PHP Pro.

    Oracle Application Server config.xml Information Disclosure An information disclosure vulnerability exists within the Oracle Application Server config.xml file, which by default does not require authentication. This file stores the Administrator user name and password.

    Fix:Add authentication to this file.

    ASN.1 Vulnerability Could Allow Code Execution HTTP Check A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.

    Note: This audit does not require privileged access to target machines, but will not work against default configurations of Windows NT 4.0 and earlier. For NT 4.0 systems, please use the hotfix check named "ASN.1 Vulnerability Could Allow Code Execution - NT4" instead (remote registry access is required).

    Fix:Install the appropriate hotfix.

    CVE-2003-0818
    Serv-U FTP Server MDTM Command Buffer Overflow A buffer overflow vulnerability exists within Serv-U FTP server, caused by a boundary error when handling time zone arguments to the MDTM command. This may allow an attacker to cause the service to stop responding and/or execute arbitrary code on the targeted host.

    Fix:Upgrade to the latest version.

    ArGoSoft 1.4.1.5 FTP Server Multiple Vulnerabilities Multiple vulnerabilities exist within ArGoSoft FTP server 1.4.1.5 and prior versions, which may allow for an attacker to cause the service to stop responding and/or execute arbitrary code on the targeted host.

    Fix:Upgrade to the latest version.

    Cisco Switch Monitor the Router Command Execution A command execution vulnerability exists within Cisco Switch 'monitor the router' page, which may allow for an attacker to obtain sensitive information regarding the targeted switch or router and/or execute commands.

    Fix:Authentication should be added to this page.

    CVE-2001-0537
    IBM Net.Commerce SQL Injection A SQL injection vulnerability exists within IBM Net.Commerce, which may allow an attacker to manipulate database queries.

    Fix:Upgrade to the latest version.

    CVE-2001-0319
    Windows RPC Cumulative Patch 828741 Remote Multiple vulnerabilities have been discovered within RPC/DCOM which may allow for an attacker to obtain complete control of an affected system.

    This audit detects the presence of the MS04-012 patch remotely and without authentication, on Windows 2000, Windows XP, and Windows Server 2003 only. When auditing Windows NT 4.0, or if redundant verification is desired for the operating systems listed above, please use the related hotfix audits in conjunction with administrative access to the target hosts.

    Fix:Install the appropriate hotfix.

    CVE-2004-0124
    CVE-2004-0116
    CVE-2003-0807
    cPanel guestbook.cgi Command Execution A command execution vulnerability exists within cPanel guestbook.cgi, which allows an attacker to execute arbitrary commands on the targeted host.

    Fix:Upgrade to the latest version of cPanel.

    CactuSoft CactuShop largeimage.asp SQL Injection A SQL injection vulnerability exists within CactuSoft CactuShop largeimage.asp, which may allow for an attacker to manipulate database queries.

    Fix:Upgrade to the latest version, or remove the largeimage.asp file.

    Samba Long Password Buffer Overflow A buffer overflow vulnerability exists within Samba 2.0.6 and prior that allows an attacker to supply an overly long password, which may cause the service to stop responding and/or execute arbitrary code.

    Fix:Download the latest version of Samba, http://www.samba.org/

    CVE-1999-0182
    Macromedia Dreamweaver mmhttpdb.asp Database Script Multiple vulnerabilities exist within Macromedia Dreamweaver mmhttpdb.asp database script, which may allow for an attacker to run arbitrary SQL queries and/or compromise the backend database server.

    Fix:It is recommended to remove the _mmServerScripts directory and the _mmDBScripts directory.

    AWS Ada Web Server v1.4 Buffer Overflow A buffer overflow vulnerability exists within AWS Ada Web Server v1.4 and prior versions, which may allow for an attacker to cause the service to stop responding and/or execute arbitrary code on the targeted host.

    Fix:Use another product such as Apache.

    Windows Cumulative Patch 835732 IIS SSL Remote The MS04-011 cumulative patches fix multiple remote code execution vulnerabilities within Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003. All of these vulnerabilities are considered to be critical.

    Fix:Install the appropriate hotfix.

    CVE-2003-0719
    CVE-2003-0907
    CVE-2003-0663
    CVE-2003-0906
    CVE-2003-0533
    BosDev BosDates calendar_download.php SQL Injection A SQL injection vulnerability exists within BosDates calendar_download.php, which may allow for an attacker to view or manipulate data on the targeted host.

    Fix:Use another product.

    ReviewPost PHP Pro showcat.php SQL Injection A SQL injection vulnerability exists within ReviewPost PHP Pro showcat.php file, which may allow for an attacker to view or manipulate data on the targeted host.

    Fix:Use another product, or remove the showcat.php file.

    ReviewPost PHP Pro showproduct.php SQL Injection A SQL injection vulnerability exists within ReviewPost PHP Pro showproduct.php file, which may allow for an attacker to view or manipulate data on the targeted host.

    Fix:Use another product, or remove the showproduct.php file.

    Sasser Worm Detected Retina has detected that the Sasser worm has infected the following host. The worm spawns a mini-FTP server on TCP port 5554 to deliver the worm executable to exploited systems.

    Fix:You should disconnect the affected machine from the network immediately, then follow the steps listed below in order to disinfect it.

    1. Delete the following registry value:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value name: "avserve.exe"
    Value string: "%WINDIR%\avserve.exe"

    Exim EHLO Heap Overflow A heap overflow vulnerability exists within Exim SMTP in all versions up to 4.21. This may allow for an attacker to cause the SMTP service to stop responding and/or execute arbitrary code on the targeted host.

    Fix:Upgrade to the latest version of Exim.

    CVE-2004-0400
    JPortal print.php SQL Injection A SQL injection vulnerability exists within the JPortal print.php script, which may allow a user to bypass the authentication process and possibly execute commands via SQL.

    Fix:Upgrade to the latest version of JPortal, or remove print.php.

    JFTPGW Remote Syslog Format String A format string vulnerability exists within JFTPGW proxy/gateway which may allow for an attacker to cause the service to stop responding and/or execute arbitrary code on the targeted host.

    Fix:Upgrade to version 0.13.4 or later.

    NetGear WG602 WAP Hidden Administrator Account The NetGear WG602 wireless access point contains an undocumented default administrator account, which allows an attacker to compromise the device. To manually test for this account, point your web browser at the access point and log in with the username super and the password 5777364.

    Fix:Log in to the access point and change or remove this account.

    Apache mod_proxy Buffer Overflow A buffer overflow vulnerability exists within the mod_proxy module of Apache 1.3.26 through 1.3.31, which may allow an attacker to cause the service to stop responding and/or execute arbitrary code.

    Fix:Upgrade to the latest version or disable mod_proxy.

    CVE-2004-0492
    Crystal Reports Directory Traversal Remote An information disclosure vulnerability and a denial of service vulnerability exist within Crystal Reports and Crystal Enterprise from Business Objects, which may allow for an attacker to obtain sensitive information regarding the targeted host, and/or cause the service to stop responding.

    Fix:Install the appropriate hotfix.

    CVE-2004-0204
    Microsoft IIS Download.Ject Trojan Detected Retina has detected that the following IIS server has been infected by the Download.Ject Trojan. This Trojan modifies the configuration of the IIS web sites on the infected host to make one of the iisxxx.dll files the document footer.

    Fix:Apply all Microsoft patches to the machine, and also use an antivirus product to clean the virus.

    Microsoft IIS 4.0 Redirection Buffer Overflow A buffer overflow vulnerability exists within Microsoft IIS 4.0, which may allow for an attacker to execute arbitrary code on the targeted host and/or cause the service to stop responding.

    Fix:Install the appropriate patch.

    CVE-2004-0205
    AntiBoard antiboard.php SQL Injection A SQL injection vulnerability exists within AntiBoard antiboard.php, which allows an attacker to view or manipulate data on the targeted host.

    Fix:Upgrade to the latest version and/or delete antiboard.php.

    DameWare Mini Remote Multiple Vulnerabilities DameWare is a utility for remotely administering servers. Multiple vulnerabilities exist within DameWare Mini Remote 3.73 and prior versions, which may allow an attacker to cause the service to stop responding and/or execute arbitrary code.

    Fix:It is recommended to verify that version 3.73 or later is installed.

    CVE-2003-1030
    Oracle E-Business Suite SQL Injection Multiple SQL injection vulnerabilities exist within Oracle E-Business Suite which may allow for an attacker to execute arbitrary SQL commands. This may reveal sensitive information, and/or files regarding the targeted host.

    Fix:Upgrade to the latest version of Oracle E-Business.

    CVE-2004-0543
    Oracle 9i Application Server Web Cache Heap Overflow A heap overflow vulnerability exists within Oracle 9i Application Server Web Cache, which may allow for an attacker to cause the service to stop responding and/or execute arbitrary code on the targeted host. This vulnerability can be triggered over port 80 or 443, which are user configurable.

    Fix:Upgrade to the latest version.

    CVE-2004-0385
    Oracle Multiple Unspecified Remote Vulnerabilities Multiple vulnerabilities exist within Oracle9iAS, Oracle Enterprise Manager and/or Oracle Collaboration Suite. The vulnerabilities within the Oracle Database server and Listener do not require a valid user account to be exploited. The Oracle9iAS vulnerabilities are within the Portal and iSQL*Plus components of the server. These vulnerabilities may allow for an attacker to cause any of the services to stop responding, and/or execute arbitrary code on a targeted host.

    Fix:Currently there are no workarounds for these issues. It’s highly recommended to apply the appropriate patch.

    Oracle PL/SQL DAD Descriptor Information Disclosure An unspecified vulnerability exists within the PL/SQL module used by Oracle9iAS. Specifying the DAD used to access a PL/SQL application may allow for an attacker to obtain access to that PL/SQL application.

    Fix:Upgrade to the latest version of Oracle9iAS.

    CVE-2002-0564
    Oracle9i Lite Server Multiple Unspecified Vulnerabilities Oracle9i Lite is vulnerable to multiple unspecified vulnerabilities, which may allow for an attacker to obtain unauthorized access. Oracle9i Lite versions 5.0.0.0 to 5.0.2.9.0 are reported to be vulnerable.

    Fix:Upgrade to the latest version of Oracle9i Lite.

    Apache Mod_SSL Log Function Format String A weakness exists in mod_ssl which can be used by an attacker to cause execution of strings logged via HTTPS.

    Fix:Upgrade mod_ssl to version 2.8.19-1.3.31 or higher.

    CVE-2004-0700
    IMail Express Web Messaging Buffer Overflow The vendor has reported a vulnerability in IMail Express, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within a routine for parsing HTML messages in Web Messaging. This can be exploited to cause a buffer overflow via a specially crafted HTML message containing a tag text longer than 1024 bytes.

    Fix:Update to version 8.05. ftp://ftp.ipswitch.com/install/imailex.exe

    Helix Server and RealServer Buffer Overflow A buffer overflow vulnerability exists within RealServer 8.0 and earlier versions, and also within Helix Server 9.0, which allows for an attacker to execute arbitrary code on the targeted host.

    Fix:Upgrade to the latest version.

    CVE-2003-0725
    Serv-U 2.5 Multiple Buffer Overflows Buffer overflows exist in Serv-U 2.5 and prior which may allow an attacker to cause a denial of service and possibly execute arbitrary code.

    Fix:Upgrade Serv-U to at least version 2.5a.

    CVE-1999-0219
    Microsoft Windows NNTP Buffer Overflow A buffer overflow vulnerability exists within the Microsoft Windows NNTP service, which may allow for an attacker to obtain SYSTEM level access to an affected system.

    Fix:Install the appropriate patch for your service pack.

    CVE-2004-0574
    ProFTPD remote buffer overflow A buffer overflow exists in ProFTPD up to and including version 1.2pre1 which may allow a remote attacker to gain root level access to the server.

    Fix:Upgrade ProFTPD to at least version 1.2.0pre2.

    CVE-1999-0368
    UBB Central UBB.threads dosearch SQL Injection A SQL injection vulnerability exists within UBBCentral UBB.threads dosearch.php, which allows for an attacker to view or modify sensitive information on the targeted host.

    Fix:Upgrade to the latest version.

    PostNuke pnAPI.php Trojan Detected Retina has detected that the host is running a trojaned version of PostNuke. It was reported that PostNuke.com was compromised, and the attacker modified the download address of the archive PostNuke-0.750.zip.

    Fix:It is recommended to remove the /includes/pnAPI.php file. This should be replaced with the original file.

    phpGroupWare Remote Command Execution A command execution vulnerability exists within phpGroupWare due to its use of the PHP include() function. The phpgw.inc.php include file can be used by an attacker to supply variables via a form submission, which can cause the software to look for an include file outside of the local system.

    Fix:Upgrade to the latest version.

    CVE-2001-0043
    Invision Power Board Arcade SQL Injection A SQL injection vulnerability exists within Invision Power Board index.php which allows for an attacker to execute arbitrary database queries.

    Fix:Upgrade to the latest version.

    MailEnable Pro IMAP Service Pre-Authentication Buffer Overflow A buffer overflow vulnerability exists within MailEnable IMAP service 1.52 and prior versions, which may allow for an attacker to cause the service to stop responding and/or execute arbitrary code.

    Fix:Upgrade to version 1.53 or later.

    Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities Multiple remote unspecified vulnerabilities exist within Cyrus IMAPD, which may allow for an attacker to cause the service to stop responding, and/or execute arbitrary code.

    Fix:Upgrade to version 2.2.10 or later.

    CVE-2004-1015
    Microsoft Windows WINS Multiple Buffer Overflow Vulnerabilities Remote Multiple buffer overflow vulnerabilities exist within Microsoft Windows WINS service, which allows for an attacker to execute arbitrary code and/or cause the service to stop responding. By default, WINS is not installed on Microsoft Windows systems. Note: this audit may generate a false positive result against Unix or Linux systems running WINS through SAMBA.

    Fix:Install the appropriate patch.

    CVE-2004-0567
    CVE-2004-1080
    IkonBoard ikonboard.cgi SQL Injection A SQL injection vulnerability exists within IkonBoard ikonboard.cgi, which allows for an attacker to execute arbitrary commands via MySQL.

    Fix:Upgrade to the latest version.

    PHP 4/5 Multiple Vulnerabilities Multiple vulnerabilities exist within PHP 4/5 which may allow for an attacker to execute arbitrary code, and/or cause the web service to stop responding.

    Fix:Upgrade to the latest version of PHP.

    CVE-2004-1063
    CVE-2004-1019
    CVE-2004-1064
    CVE-2004-1018
    phpBB viewtopic.php Command Execution A command execution vulnerability exists within phpBB viewtopic.php which allows for an attacker to execute arbitrary commands on the targeted host.

    Fix:Upgrade to version 2.0.11 or later.

    Multiple Vendor SSH Vulnerabilities Multiple vulnerabilities exist within multiple SSH server vendors, which may allow for an attacker to remotely execute arbitrary code, and/or cause the service to stop responding.

    Fix:Install the appropriate patch, or upgrade to the latest version.

    CVE-2002-1360
    CVE-2002-1359
    CVE-2002-1358
    CVE-2002-1357
    Oracle9i Application Server WebDAV Format String A format string vulnerability exists within Oracle9i 9.0.2 application server which may allow for an attacker to anonymously upload files to the server, and/or exploit the format string vulnerability within the logging functions.

    Fix:Install the appropriate patch, or upgrade to the latest version.

    CVE-2002-0842
    BIND 8.1.1 Multiple Vulnerabilities Multiple vulnerabilities exist within BIND 8.1.1 and prior versions, which may allow for an attacker to remotely execute arbitrary code, and/or cause the service to stop responding.

    Fix:Upgrade to the latest version of BIND.

    TCP Wrappers Service Port Detected Retina has detected the TCP Wrappers (tcpd) service port on the remote system. The source code for TCP Wrappers is known to have been compromised and may contain a Trojan that could allow unauthorized remote root access to the system.

    Fix:Verify the integrity of TCP Wrappers by following the directions in CERT Advisory CA-1999-01.

    Veritas Backup Exec Agent Browser Buffer Overflow A buffer overflow vulnerability exists within Veritas Backup Exec which may allow for an attacker to remotely execute arbitrary commands and/or cause the service to stop responding.

    Fix:Install the appropriate patch.

    CVE-2004-1172
    Cisco IOS 2GB HTTP GET Buffer Overflow A buffer overflow vulnerability exists within the Cisco IOS HTTP protocol, which may allow for an attacker to remotely execute arbitrary commands and/or cause the service to stop responding.

    Fix:Install the appropriate vendor supplied patch or upgrade to a newer IOS version.

    CVE-2003-0647
    MIT Kerberos 5 Multiple Vulnerabilities - BSD Multiple vulnerabilities exist within MIT Kerberos 5, which may allow for an attacker to remotely execute arbitrary commands and/or cause the service to stop responding.

    Fix:Install the appropriate patch, or upgrade to the latest version.

    CVE-2004-0643
    CVE-2004-0642
    CVE-2004-0772
    CVE-2004-0644
    Multiple Vendor Telnetd Buffer Overflow - AIX A buffer overflow vulnerability exists within telnetd, which may allow for an attacker to cause the service to stop responding, and/or execute arbitrary code.

    Fix:Install the appropriate patch, or upgrade to the latest version.

    CVE-2001-0554
    BIND Multiple Vulnerabilities Multiple vulnerabilities exist within BIND, which may allow for an attacker to remotely execute arbitrary code, and/or cause the service to stop responding.

    Fix:Upgrade to the latest version.

    CVE-2005-0034
    CVE-2005-0033
    AWStats Remote Command Execution A remote command execution vulnerability exists within AWStats which allows for an attacker to execute arbitrary commands on a targeted host.

    Fix:Upgrade to the latest version.

    Canna Server SR_INIT Buffer Overflow Canna Server version 3.5b2 and earlier contain a stack-based buffer overflow vulnerability in the handling of the SR_INIT request, which a remote attacker can exploit to execute code within the context of the Canna server.

    Fix:Upgrade to the most recent version of Canna to eliminate this and possibly other security vulnerabilities in the product.

    CVE-2000-0584
    Computer Associates License Management Stack Overflow Remote Multiple vulnerabilities exist within the Computer Associates License Management software, which may allow for an attacker to remotely execute arbitrary code, and/or cause the service to stop responding.

    Fix:Install the appropriate patch, and/or upgrade to the latest version.

    CVE-2005-0582
    CVE-2005-0581
    CVE-2005-0583
    Wnn4.2/FreeWnn1.10/FreeWnn1.1.1a016 jserver Buffer Overflow Wnn4.2/FreeWnn1.10/FreeWnn1.1.1a016 jserver contain a stack-based buffer overflow vulnerability in the handling of JS_OPEN/JS_MKDIR/JS_FILE_INFO command requests, which a remote attacker can exploit to execute code within the context of the server.

    Fix:Upgrade to the most recent version of Wnn/FreeWnn to eliminate this and possibly other security vulnerabilities in the product.

    Wnn jserver JS_MKDIR shell metacharacter Command Execution Wnn jserver allows the execution of arbitrary commands on the target server through the use of the pipe shell metacharacter in the argument of the JS_MKDIR command.

    Fix:Upgrade to the most recent version of Wnn/FreeWnn to eliminate this and possibly other security vulnerabilities in the product.

    ArGoSoft Mail Server Multiple Directory Traversal Vulnerabilities Multiple directory traversal vulnerabilities exist within ArGoSoft mail server which may allow an attacker to view, replace, and delete arbitrary files, folders and user email.

    Fix:Install the appropriate patch, and/or upgrade to Mail Server 1.8.7.4 or the latest version from the vendor.

    CVE-2005-0367
    Oracle 10g Subscription_name SQL Injection A remote SQL injection vulnerability exists within the Oracle 10g database subscription_name parameter, which may allow an attacker to compromise an application, disclose or modify data, and/or exploit vulnerabilities in the underlying database implementation.

    Fix:Install the appropriate patch, and/or upgrade to the latest version from the vendor.

    Oracle Create_Scn_Change_set SQL Injection A SQL injection vulnerability exists within the Oracle Database Server Create_Scn_Change_set stored procedure, which may allow an attacker to influence the invocation parameters of the procedure in order to compromise the database.

    Fix:Install the appropriate patch, and/or upgrade to the latest version from the vendor.

    Oracle 9i/10g Object_Type SQL Injection A remote SQL injection vulnerability exists within the Oracle 9i/10g database object_type parameter, which may allow an attacker to compromise an application, disclose or modify data, and/or exploit vulnerabilities in the underlying database implementation.

    Fix:Install the appropriate patch, and/or upgrade to the latest version from the vendor.

    Oracle Alter_manuallog_change_source SQL Injection A SQL injection vulnerability exists within the Oracle database server Alter_manuallog_change_source procedure, which may allow an attacker to compromise an application, disclose or modify data, and/or exploit vulnerabilities in the underlying database implementation.

    Fix:Install the appropriate patch, and/or upgrade to the latest version from the vendor.

    Sun ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow Sun ONE Web server (formerly iPlanet Web Server) versions 4.1 and 6.0 are vulnerable to a buffer overflow in the function that handles chunked transfer encoding. By sending a specially-crafted GET request that uses chunked transfer encoding to a vulnerable Web server, a remote attacker could overflow a buffer and cause the Web server to crash or execute code on the server.

    Fix:Sun has released a security bulletin and patch:
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-46128-1

    CVE-2002-0845
    Oracle Database Multiple SQL Injection Multiple SQL injection vulnerabilities exist within Oracle Database which may allow an attacker to pass unauthorized SQL statements to the database in order to compromise an application, disclose or modify data, or exploit other vulnerabilities in the underlying database implementation.

    Fix:Install the appropriate patch, and/or upgrade to the latest version from the vendor.

    CA BrightStor ARCserve Backup Buffer Overflow A remote buffer overflow exists within the Computer Associates BrightStor ARCserve Backup UniversalAgent, which may allow an attacker to execute arbitrary code, cause a denial of service, and potentially gain unauthorized superuser access.

    Fix:Install the appropriate patch, and/or upgrade to the latest version from the vendor.

    CVE-2005-1018
    MS03-031: Microsoft SQL Server - 7.0 Multiple vulnerabilities exist within Microsoft SQL Server which may allow an attacker to elevate privileges, cause a denial of service condition, or execute arbitrary code.

    Fix:Install the appropriate patch, and/or upgrade to the latest version (service pack) available from the vendor.

    CVE-2003-0232
    CVE-2003-0230
    CVE-2003-0231
    Microsoft Windows SMB Remote Code Execution (896422) - Remote A buffer overflow exists within the Microsoft Windows Server Message Block (SMB) which may allow for an attacker to create a series of specially crafted packets in order to execute arbitrary code.

    Fix:Install the appropriate patch from Microsoft or through Windows Update.

    CVE-2005-1206
    Microsoft Exchange Server Code Execution A remote code execution vulnerability exists within Microsoft Exchange Server which may allow an attacker to run malicious programs or connect to the SMTP port in order to cause a denial of service.

    Fix:Install the appropriate patch, and/or upgrade to the latest version from the vendor.

    CVE-2005-0560
    Cisco IOS IPv6 Crafted Packet Arbitrary Code Execution A buffer overflow exists within the Cisco Internetwork Operating System Software which may allow for an attacker to create a specially crafted IPv6 packet in order to cause a denial of service and potentially an arbitrary code execution attack.

    Fix:Update the IOS version according to the Cisco advisory.

    CA BrightStor ARCserve Backup Agent for Microsoft Exchange Premium Add-on A buffer overflow vulnerability exists within the Computer Associates ARCServe BrightStor agent which may allow for an attacker to create a specially-crafted packet in order to execute arbitrary code.

    Fix:Apply the appropriate vendor patch.

    CVE-2005-1272
    Microsoft Windows Telephony Remote Code Execution (893756) - Remote A privilege escalation vulnerability exists within the Microsoft telephony service which may allow for an attacker to send a specially crafted packet (2000 server) or execute a specially crafted application (2000 Professional / XP / 2003) in order to execute arbitrary code.

    Fix:Apply the appropriate vendor patch (893756).

    CVE-2005-0058
    Microsoft Windows Print Spooler Service Remote Code Execution (896423) - Remote A remote code execution vulnerability exists within the Microsoft Windows Print Spooler Service which may allow an attacker who successfully exploits it to take complete control of the affected system.

    Fix:Install the appropriate patch from Microsoft.

    CVE-2005-1984
    Microsoft Windows Plug And Play Remote Code Execution (899588) - Remote A buffer overflow exists within Microsoft Windows Plug and Play which may allow for an attacker to send a specially crafted packet (2000 / XP Service Pack 1) or locally execute a specially crafted application (XP Service Pack 2 / 2003) on the target machine in order to execute arbitrary code.

    Fix:Apply the appropriate Microsoft patch (899588).

    CVE-2005-1983
    Computer Associates Message Queuing Multiple Buffer Overflows - UNIX Multiple buffer overflows exist within the Computer Associates message queuing service which may allow for an attacker to send a specially crafted message to a host running the message queuing service in order to execute arbitrary code.

    Fix:Apply the appropriate vendor patch from CA.

    CVE-2005-2669
    CVE-2005-2667
    CVE-2005-2668
    Cisco IOS Firewall Authentication Proxy Buffer Overflow A buffer overflow vulnerability exists within the FTP and Telnet services for Cisco IOS which may allow an attacker to send a specially-crafted packet to a vulnerable host in order to cause a denial of service or potentially execute arbitrary code.

    Fix:Update Cisco IOS to the appropriate fixed release.

    CVE-2005-2841
    Symantec AntiVirus Scan Engine Web Service Buffer Overflow - Webserver Detected A potential buffer overflow exists within the Symantec AntiVirus Scan Engine Web Service. Ensure that all updates have been applied. If all updates have been applied, disregard this finding.

    Fix:Apply the appropriate vendor patch.

    CVE-2005-2758
    Microsoft MSDTC and COM+ Buffer Overflow (902400) - Remote A buffer overflow vulnerability exists within Microsoft's MSDTC and COM+ services which may allow for an attacker to send a specially-crafted packet in order to remotely execute arbitrary code.

    Fix:Apply the appropriate vendor patch.

    CVE-2005-1979
    CVE-2005-2119
    CVE-2005-1978
    Snort Back Orifice Preprocessor Buffer Overflow - UNIX A buffer overflow vulnerability exists within Snort's Back Orifice preprocessor which may allow for an attacker to send a specially-crafted packet in order to execute arbitrary code on the Snort Intrusion Detection System.

    Fix:Upgrade Snort to version 2.4.3 or later. Version 2.4.3 also includes a mechanism to detect exploits against vulnerable sensors, and optionally for inline sensors, drop the offending traffic.

    Veritas NetBackup Java User-Interface Remote Arbitrary Code Execution - UNIX A format string vulnerability exists within Veritas' NetBackup Java User-Interface which may allow for an attacker to remotely send a specially-crafted message to a vulnerable host in order to execute arbitrary code.

    Fix:Apply the appropriate vendor-supplied patch.

    CVE-2005-2715
    HP Web Jetadmin ExecuteFile Function Bypass A bypass vulnerability exists within HP's Web Jetadmin ExecuteFile function which may allow an attacker to gain root/system privileges remotely.

    Fix:Apply the appropriate vendor-supplied patch.

    Cisco IOS System Timers Heap Buffer Overflow A heap overflow vulnerability exists within Cisco IOS which may allow for an attacker to send a specially-crafted packet in order to potentially execute arbitrary code on the IOS device.

    Fix:Update Cisco IOS to the appropriate fixed release.

    CVE-2005-3481
    Zotob Virus Detected - Remote Check The Zotob virus has been found to be installed on the machine.

    Fix:Install the appropriate patch from Microsoft (MS05-039) and ensure that anti-virus is up to date and run a full system scan to remove the virus.

    Computer Associates (CA) iTechnology iGateway Service Vulnerability - Windows A heap overflow vulnerability exists within the Computer Associates iTechnology iGateway Service which may allow for an attacker to remotely execute arbitrary code on the host. This vulnerability exists on ALL iGateway platforms.

    Fix:Upgrade iGateway to version 4.0.051230 or later.

    CVE-2005-3653
    Computer Associates (CA) iTechnology iGateway Service Vulnerability - UNIX A heap overflow vulnerability exists within the Computer Associates iTechnology iGateway Service which may allow for an attacker to remotely execute arbitrary code on the host. This vulnerability exists on ALL iGateway platforms.

    Fix:Upgrade iGateway to version 4.0.051230 or later.

    CVE-2005-3653
    MS03-031: Microsoft SQL Server - 2000 Multiple vulnerabilities exist within Microsoft SQL Server which may allow an attacker to elevate privileges, cause a denial of service condition, or execute arbitrary code.

    Fix:Install the appropriate patch, and/or upgrade to the latest version (service pack) available from the vendor.

    CVE-2003-0232
    CVE-2003-0230
    CVE-2003-0231
    Sendmail Signal Handling Race Condition A race condition in Sendmail may allow for a remote attacker to execute code. The vulnerability exists because of improper handling of asynchronous signals. A remote and anonymous attacker could exploit this vulnerability by forcing the SMTP server to have an I/O timeout at a specific moment, executing arbitrary code in the context of the Sendmail account (typically root or another privileged account). Note: this audit has the potential to produce a false positive result for Sendmail patches that don't increment the Sendmail version in the SMTP banner.

    Fix:Upgrade Sendmail to version 8.13.6 or newer, or upgrade the appropriate vendor-specific packages.

    CVE-2006-0058
    Microsoft DTC Remote Code Execution (913580) - NT4 - Remote A remote code execution vulnerability exists within Microsoft's Distributed Transaction Coordinator (MSDTC) service. This vulnerability is only exploitable for code execution on the Windows NT platform, and is a DoS on other platforms (Windows 2000 and up). It arises from an improper buffer length check, which results in a heap overflow, allowing for non-credentialed remote code execution.

    Fix:If you have a Microsoft Custom Support Agreement (CSA), apply the appropriate patch (KB913580). Otherwise, disable MSDTC on any machine without other layers of protection (such as a host-based IPS).

    CVE-2006-1299
    Apache Mod_SSL Log Function Format String - RHSA-2004:408 A weakness exists in mod_ssl which can be used by an attacker to cause execution of strings logged via HTTPS.

    Fix:Upgrade mod_ssl to version 2.8.19-1.3.31 or higher.

    CVE-2004-0700
    Solaris ftpd glob heap overflow - Solaris 8 (sparc) The Solaris ftp daemon contains a heap-based buffer overflow condition. The problem exists when handling directory alias characters such as '~', which refers to a user's home directory.

    Fix:We recommend downloading a patch from your vendor when available. If no patch is available either disable this service or use a more secure alternative.

    CVE-2001-0249
    Solaris ftpd glob heap overflow - Solaris 8 (x86) The Solaris ftp daemon contains a heap-based buffer overflow condition. The problem exists when handling directory alias characters such as '~', which refers to a user's home directory.

    Fix:We recommend downloading a patch from your vendor when available. If no patch is available either disable this service or use a more secure alternative.

    CVE-2001-0249
    Solaris ftpd glob heap overflow - Solaris 7 (sparc) The Solaris ftp daemon contains a heap-based buffer overflow condition. The problem exists when handling directory alias characters such as '~', which refers to a user's home directory.

    Fix:We recommend downloading a patch from your vendor when available. If no patch is available either disable this service or use a more secure alternative.

    CVE-2001-0249
    Solaris ftpd glob heap overflow - Solaris 7 (x86) The Solaris ftp daemon contains a heap-based buffer overflow condition. The problem exists when handling directory alias characters such as '~', which refers to a user's home directory.

    Fix:We recommend downloading a patch from your vendor when available. If no patch is available either disable this service or use a more secure alternative.

    CVE-2001-0249
    MAXdev MD-Pro SQL Injection And Information Leak Multiple vulnerabilities exist within MAXdev MD-Pro versions prior to 1.0.76 which may allow for an attacker to exploit some of the application's parameters in order to conduct SQL injection attacks or gain the installation path of the program.

    Fix:Currently there is no vendor supplied solution.

    DNGuestbook Admin.php SQL Injection A SQL injection vulnerability exists within dnGuestbook versions prior to 2.0 which may allow for an attacker to use the improperly sanitized "admin.php" variables "email" and "id" in order to conduct SQL injection attacks.

    Fix:Currently there is no vendor supplied solution.

    Cyrus SASL DIGEST-MD5 Denial Of Service A denial of service vulnerability exists within Cyrus SASL which may allow for an attacker to use an undisclosed method to exploit the DIGEST-MD5 process in order to cause a denial of service condition.

    Fix:Upgrade to Cyrus SASL library 2.1.21 (or current version).

    CVE-2006-1721
    SmartISoft PHPListPro "Config.php" Code Execution A file inclusion vulnerability exists within SmartISoft phpListPro versions 2.0.0 and prior which may allow for an attacker to use the improperly sanitized "returnpath" variable within "config.php" to include malicious scripts in order to have those scripts executed with the privileges of the web server.

    Fix:Currently there is no vendor supplied patch.

    Novell GroupWise Messenger Accept Language Buffer Overflow A buffer overflow vulnerability exists within Novell GroupWise Messenger. The vulnerability is due to the Messaging Agent's improper handling of an overly long "Accept-Language" header which may allow for an attacker to execute arbitrary commands with SYSTEM privileges.

    Fix:Upgrade to Novell GroupWise Messenger 2.0 Public Beta 2 (referenced below under "Novell - TID10100861").

    CVE-2006-0992
    Warforge.NEWS Multiple Script SQL Injection and Cross Site Scripting Multiple vulnerabilities exist within Warforge.NEWS which may allow for an attacker to conduct SQL injection and cross site scripting attacks. The first vulnerability is due to the improper sanitization of variables within various scripts which could lead to arbitrary scripting code being executed within the security context of the web site. The second vulnerability is due to the improper sanitization of the "authusername" and "authpassword" variables within "authcheck.php" which may lead to SQL injection attacks.

    Fix:Currently there is no vendor supplied patch.

    Winny File Transfer Port Commands Buffer Overflow - Remote A buffer overflow vulnerability exists within Winny which may allow for an attacker to use specific commands provided by the file transfer port in order to exploit the vulnerability and execute arbitrary code.

    Fix:Currently there is no vendor supplied solution. However, Blink Endpoint Intrusion Prevention preemptively protects from this vulnerability and Retina Network Security Scanner has been updated to identify this vulnerability.

    Symantec AntiVirus Scan Engine Multiple Issues (SYM06-008) Multiple vulnerabilities exist within Symantec Scan Engine which may allow for an attacker to conduct various attacks. These vulnerabilities may result in authentication being bypassed, man-in-the-middle attacks, and information leaks.

    Fix:Upgrade to Symantec Scan Engine version 5.1.

    CVE-2006-0232
    CVE-2006-0230
    CVE-2006-0231
    Winny File Transfer Port Commands Buffer Overflow - Process A buffer overflow vulnerability exists within Winny which may allow for an attacker to use specific commands provided by the file transfer port in order to exploit the vulnerability and execute arbitrary code.

    Fix:Currently there is no vendor supplied solution. However, Blink Endpoint Intrusion Prevention preemptively protects from this vulnerability and Retina Network Security Scanner has been updated to identify this vulnerability.

    CA BrightStor ARCserve Backup Enterprise Option for SAP R3 Oracle A buffer overflow vulnerability exists within the Computer Associates ARCServe BrightStor agent which may allow for an attacker to create a specially-crafted packet in order to execute arbitrary code.

    Fix:Apply the appropriate vendor patch.

    CVE-2005-1272
    CA BrightStor ARCserve Backup Enterprise Option for Microsoft SQL Server A buffer overflow vulnerability exists within the Computer Associates ARCServe BrightStor agent which may allow for an attacker to create a specially-crafted packet in order to execute arbitrary code.

    Fix:Apply the appropriate vendor patch.

    CVE-2005-1272
    CA BrightStor ARCserve Backup Enterprise Option for Oracle A buffer overflow vulnerability exists within the Computer Associates ARCServe BrightStor agent which may allow for an attacker to create a specially-crafted packet in order to execute arbitrary code.

    Fix:Apply the appropriate vendor patch.

    CVE-2005-1272
    CA BrightStor ARCserve Backup Agent for Microsoft Exchange A buffer overflow vulnerability exists within the Computer Associates ARCServe BrightStor agent which may allow for an attacker to create a specially-crafted packet in order to execute arbitrary code.

    Fix:Apply the appropriate vendor patch.

    CVE-2005-1272
    Artmedic Event "Index.php" Script Command Execution A command execution vulnerability exists within Artmedic Event which may allow for an attacker to exploit the "index.php" script via the unsanitized "page" variable in order to include arbitrary files and execute commands.

    Fix:Currently there is no vendor supplied solution.

    CVE-2006-2119
    Aardvark Topsites PHP "Lostpw.php" Script Command Execution A command execution vulnerability exists within Aardvark Topsites PHP versions prior to 5.0.2 which may allow for an attacker to exploit the "lostpw.php" script via the unsanitized "CONFIG[path]" variable in order to include arbitrary files and execute commands.

    Fix:Upgrade to Aardvark Topsites PHP version 5.0.2.

    PHPBB Knowledge Base Module "KB_Constants.php" Script Command Execution A command execution vulnerability exists within Knowledge Base Mod for phpBB which may allow for an attacker to exploit the "kb_constants.php" script via the unsanitized "module_root_path" variable in order to include arbitrary files and execute commands.

    Fix:Currently there is no vendor supplied solution.

    WEBInsta Limbo "SQL.php" Script Command Execution A command execution vulnerability exists within WEBInsta Limbo which may allow for an attacker to exploit the "sql.php" script via the improperly sanitized "classes_dir" variable in order to include arbitrary files and execute commands.

    Fix:Currently there is no vendor supplied solution.

    RealVNC Password Validation Security Bypass - Remote A bypass vulnerability exists within RealVNC which may allow for an attacker to exploit the application's weak authentication system via a specially crafted request in order to gain access to an affected system. NOTE: As blacklisting is supported in RealVNC, it is suggested that the non-remote version is used with registry-accessible credentials so that the scanning IP address is not blacklisted from multiple Retina scans.

    Fix:Upgrade to RealVNC Free Edition 4.1.2, Personal Edition 4.2.3, or Enterprise Edition 4.2.3.

    CVE-2006-2369
    RealVNC Password Validation Security Bypass A bypass vulnerability exists within RealVNC which may allow for an attacker to exploit the application's weak authentication system via a specially crafted request in order to gain access to an affected system.

    Fix:Upgrade to RealVNC Free Edition 4.1.2, Personal Edition 4.2.3, or Enterprise Edition 4.2.3.

    CVE-2006-2369
    ACID CMS Root_Path Variable Command Execution A command execution vulnerability exists within ACID CMS which may allow for an attacker to exploit multiple scripts via the improperly sanitized "root_path" variable in order to include arbitrary files and have commands execute at the security level of the web server.

    Fix:Currently there is no vendor supplied solution (current version is 1.1.3).

    MyNewsletter ValidateLogin.asp Script SQL Injection A SQL injection vulnerability exists within myNewsletter which may allow for an attacker to exploit the validatelogin.asp script via the improperly sanitized "UserName" variable in order to conduct SQL injection attacks.

    Fix:Currently there is no vendor supplied solution (current version is 1.1.2).

    MySQL Multi-Byte Character Sets SQL Injection - Remote A SQL injection vulnerability exists within MySQL which may allow for an attacker to exploit the mysql_real_escape_string() function when operating in multi-byte character sets and parsing certain ASCII characters in order to conduct SQL injection attacks.

    Fix:Upgrade to MySQL version 4.1.20, 5.0.22, or 5.1.11.

    WebspotBlogging Path Variable Code Execution A code execution vulnerability exists within WebspotBlogging which may allow for an attacker to exploit the logincheck.inc.php, adminheader.inc.php, mainhead.inc.php, and global.php scripts via the improperly sanitized "path" variable in order to include arbitrary files and have code executed at the security level of an affected web server.

    Fix:Currently there is no vendor supplied solution (current version is 3.0.1).

    Claroline IncludePath Variable Code Execution A code execution vulnerability exists within Claroline which may allow for an attacker to exploit the mambo.inc.php and postnuke.inc.php scripts via the improperly sanitized "includePath" variable in order to include arbitrary files and have code executed at the security level of the affected web server.

    Fix:Currently there is no vendor supplied solution (current version is 1.7.6).

    DotClear Prepend.php Script Code Execution A code execution vulnerability exists within DotClear which may allow for an attacker to exploit the prepend.php script via the improperly sanitized "blog_dc_path" variable in order to include arbitrary files and have code executed at the privilege level of the affected web server.

    Fix:Currently there is no vendor supplied solution (current version is 1.2.4).

    LocazoList Classifieds ViewMSG.asp Script SQL Injection A SQL injection vulnerability exists within LocazoList Classifieds which may allow for an attacker to exploit the viewmsg.asp script via the improperly sanitized "msgid" variable in order to conduct SQL injection attacks.

    Fix:Currently there is no vendor supplied solution (current version is 1.05e).

    CS-Cart Class.CS_PHPMailer.php Script Command Execution A command execution vulnerability exists within CS-Cart which may allow for an attacker to exploit the class.cs_phpmailer.php script via the improperly sanitized "classes_dir" variable in order to include arbitrary files and have commands executed at the privilege level of the affected web server.

    Fix:Currently there is no vendor supplied solution (current version is 1.3.3).

    Particle Wiki Index.php Script SQL Injection A SQL Injection vulnerability exists within Particle Wiki which may allow for an attacker to exploit the index.php script via the unsanitized "version" variable in order to conduct SQL injection attacks on an affected system.

    Fix:Currently there is no vendor supplied solution (current version is 1.0.2).

    Particle Gallery Viewimage.php Script SQL Injection A SQL Injection vulnerability exists within Particle Gallery which may allow for an attacker to exploit the viewimage.php script via the unsanitized "imageid" variable in order to conduct SQL injection attacks on an affected system.

    Fix:Currently there is no vendor supplied solution (current version is 1.0.0).

    LifeType Index.php Script SQL Injection A SQL injection vulnerability exists within LifeType which may allow for an attacker to exploit the index.php script via the improperly sanitized "articleId" variable in order to conduct SQL injection attacks.

    Fix:Upgrade to LifeType version 1.0.5.

    Lore Comment.php Script SQL Injection A SQL injection vulnerability exists within Lore which may allow for an attacker to exploit the comment.php script via the improperly sanitized "article_id" variable in order to conduct SQL injection attacks.

    Fix:Currently there is no vendor supplied solution (current Lore version is 1.5.6).

    METAjour System_Path Variable Command Execution A command execution vulnerability exists within METAjour which may allow for various scripts to be exploited via the "system_path" variable in order to include arbitrary scripts and execute arbitrary commands at the privilege level of the web server.

    Fix:Currently there is no vendor supplied solution (current version is 2.1).

    Gnopaste Common.php Script Command Execution A command execution vulnerability exists within Gnopaste which may allow for an attacker to exploit the common.php script via the improperly sanitized "root_path" variable in order to include arbitrary files and execute commands at the privilege level of the web server.

    Fix:Upgrade to gnopaste version 0.5.4.

    PHPBB Advanced GuestBook Module "Addentry.php" Script Command Execution A command execution vulnerability exists within the Advanced Guestbook module for phpBB which may allow for an attacker to exploit the "addentry.php" script via the unsanitized "phpbb_root_path" variable in order to include arbitrary files and execute commands.

    Fix:Currently there is no vendor supplied solution (current version is 2.4.0).

    PHPBB Toplist Module "Toplist.php" Script Command Execution A command execution vulnerability exists within the Toplist module for phpBB which may allow for an attacker to exploit the "toplist.php" script via the unsanitized "phpbb_root_path" variable in order to include arbitrary files and execute commands.

    Fix:Currently there is no vendor supplied solution.

    Advanced Poll HTTP Header SQL Injection A SQL injection vulnerability exists within Advanced Poll which may allow for an attacker to exploit the "class_poll.php" script via the unsanitized "User-Agent" HTTP header in order to conduct SQL injection attacks.

    Fix:Currently there is no vendor supplied solution (current version is 2.0.4).

    CVE-2006-2130
    4images Multiple Script SQL Injection A SQL injection vulnerability exists within 4images which may allow for an attacker to exploit the "top.php" and "member.php" scripts via the unsanitized "sessionid" variable in order to conduct SQL injection attacks.

    Fix:Currently there is no vendor supplied solution (current version is 1.7.2).

    X7 Chat "Index.php" Script Multiple Command Execution Multiple command execution vulnerabilities exist within X7 Chat which may allow for an attacker to exploit the "index.php" script via the improperly sanitized "help_file" variable in order to include arbitrary local files resulting in commands being executed. Another vulnerability involving unsanitized avatar images that are uploaded can be used in conjunction with the previous vulnerability in order to execute arbitrary commands also.

    Fix:Currently there is no vendor supplied solution (current version is 2.0.0).

    CyberBuild Multiple Script Cross Site Scripting And SQL Injection Multiple vulnerabilities exist within CyberBuild which may allow for an attacker to exploit the "login.asp" and "browse0.htm" scripts via the unsanitized "SessionID" and "ProductIndex" variables in order to conduct cross site scripting or SQL injection attacks.

    Fix:Currently there is no vendor supplied solution.

    FtrainSoft Fast Click "Show.php" Script Command Execution A command execution vulnerability exists within FtrainSoft Fast Click which may allow for an attacker to exploit the "show.php" script via the unsanitized "path" variable in order to execute arbitrary commands.

    Fix:Currently there is no vendor supplied solution.

    PHPBB PHPBB-Auction Module Command Execution A command execution vulnerability exists within phpbb-Auction module for phpBB which may allow for an attacker to exploit the "auction_common.php" script via the unsanitized "phpbb_root_path" variable in order to include arbitrary files and execute commands.

    Fix:Currently there is no vendor supplied solution (current version is 1.3m).

    Microsoft RRAS Remote Code Execution (911280) - Remote A code execution vulnerability exists within the Microsoft Routing and Remote Access Service which may allow for an attacker to exploit an unchecked buffer in the service in order to execute arbitrary code and potentially gain complete control of an affected system.

    Fix:Apply the Microsoft provided update. Download page is referenced below as "Microsoft Security Bulletin MS06-025".

    CVE-2006-2370
    CVE-2006-2371
    Microsoft Server Service Remote Code Execution (917159) - Remote Multiple vulnerabilities exist within the Server service driver which may allow for remote code execution as well as information disclosure.
    The remote code execution vulnerability is a heap overflow within the Mailslot function within the Server service.
    The information disclosure vulnerability is within the SMB functionality of the Server service, and allows a remote attacker to view fragments of memory used to store SMB traffic, which may allow for further exploitation.

    Fix:Besides blocking Netbios (TCP 139/445) ports, there is no mitigation. Apply the appropriate vendor-supplied patch (KB917159).

    CVE-2006-1314
    CVE-2006-1315
    McAfee ePolicy Orchestrator Framework Remote Code Execution A directory traversal vulnerability exists within ePolicy Orchestrator (ePO) clients/servers which may allow for remote code execution by writing an arbitrary file to any directory on the remote host. This vulnerability affects all systems that use an ePO client, regardless of OS. Typically the vulnerable port is TCP/8081, but can be easily configured by administrators to be any TCP port. The Retina audit will test any detected HTTP server, regardless of port.

    Fix:Apply the appropriate vendor-supplied patch (referenced).

    Microsoft Server Service Remote Code Execution (921883) - Remote A buffer overflow vulnerability exists within the Server service which may allow for a remote, anonymous attacker to execute arbitrary code on a host. This vulnerability arises from an unchecked buffer. This audit uses techniques to remotely check for the existence of the vulnerability. It measures whether or not this system is vulnerable to remote exploitation of this problem. Specific system configurations may leave the system not exploitable even without the associated patch being installed. In these cases, installation of the patch is still recommended.

    Fix:Apply the appropriate hotfix from Microsoft (KB921883).

    CVE-2006-3439
    Ipswitch WS_FTP Limited Edition (LE) 5.08 Buffer Overflow Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.

    Fix:Update to 6.0 or later WS_FTP LE.

    CVE-2006-4974
    Cisco IOS DOCSIS Read-Write Community String A vulnerability exists in certain Cisco IOS software release trains running on the Cisco IAD2400 series, 1900 Series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privileged access to the device.

    Fix:Update Cisco IOS to the appropriate fixed release.

    OpenSSL 0.9.7/0.9.8 Multiple Vulnerabilities Four new vulnerabilities have been addressed in the OpenSSL 0.9.7 (0.9.7k and earlier) and 0.9.8 (0.9.8c and earlier) lines. The first is a DoS due to improper error handling of an invalid ASN.1 structure. The second is a DoS condition caused by the use of certain public keys that require intensive CPU usage to process. The third is a buffer overflow that can be caused when a list of ciphers is sent to an application using the SSL_get_shared_ciphers() function. And the fourth is an unspecified crash in SSLv2 clients that can be caused by connecting to a malicious server.

    Fix:Update to OpenSSL 0.9.8d or OpenSSL 0.9.7l from OpenSSL.org, or apply vendor specific patches.

    CVE-2006-3738
    CVE-2006-2937
    CVE-2006-2940
    CVE-2006-4343
    Oracle TNS Listener Without Password The TNS Listener on the remote host reports that it has no password configured.

    Fix:Always ensure that all database communication requires authentication.

    McAfee ePolicy Orchestrator/ProtectionPilot Remote Code Execution A buffer overflow vulnerability exists within McAfee's ePolicy Orchestrator and ProtectionPilot which may allow for a remote, unauthenticated attacker to execute arbitrary code on the remote system under the SYSTEM context. Published exploit code exists and exploitation is actually trivial.

    Fix:Apply the appropriate vendor-supplied patch.

    CVE-2006-5156
    SNMP Remote Code Execution (926247) - Remote An unspecified remote code execution vulnerability exists in SNMP Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. The SNMP service allows incoming (Simple Network Management Protocol) SNMP requests to be serviced by the local computer.

    Fix:Download the update from Microsoft or through automatic updates.

    CVE-2006-5583
    CA BrightStor ARCserve Backup Buffer Overflow - Jan 2007 Multiple buffer overflow vulnerabilities have been identified within CA BrightStor ARCserve. These vulnerabilities allow an attacker to execute arbitrary code as SYSTEM on a remote host without authentication.

    Fix:Apply the appropriate fix based on the versions supported in the CA advisory.

    CVE-2007-0168
    CA BrightStor ARCServe Backup for L&D Buffer Overflow A remote buffer overflow vulnerability exists within CA BrightStor ARCServe Backup for Laptops and Desktops that would allow an unauthenticated remote attacker to execute arbitrary code as SYSTEM. This service runs on tcp port 1900.

    Fix:Apply the appropriate vendor-supplied patch.

    Solaris Telnet -f Authentication Bypass - Remote The Telnet service in Solaris 10 contains an authentication bypass vulnerability that allows a remote, anonymous attacker to log in as any user granted Telnet access, without requiring a password. The vulnerability may be exploited on a susceptible system by using the Telnet client with a command line such as "telnet -l-f<user> <host>".

    Fix:Install the appropriate Solaris patch, or disable the Telnet service as a workaround.

    CVE-2007-0882
    Tarpit Detected A Tarpit has been detected on the target being scanned. A Tarpit is a mechanism designed to prevent scanners from effectively communicating with the system running the Tarpit. Retina is skipping this target for the current scan. In the future, please disable the Tarpit on the system prior to scanning it with Retina.

    Fix:Disable the Tarpit on the system prior to scanning.

    PHP Multiple Vulnerabilities (200704) Multiple vulnerabilities have been identified in PHP versions prior to 4.4.6 or 5.2.1. These range in severity from information disclosure to denial of service to possible code execution.

    Note: This audit is designed for versions of PHP obtained from PHP.net and may report false findings with vendor specific backports.

    Fix:Update to PHP 4.4.6 or newer, 5.2.1 or newer, or newest available vendor-supplied PHP packages.

    CVE-2007-1454
    CVE-2007-1701
    CVE-2007-0909
    CVE-2007-0908
    CVE-2007-0910
    CVE-2007-1286
    CVE-2007-0907
    CVE-2007-0905
    CVE-2007-1700
    CVE-2007-0988
    CVE-2007-1825
    CVE-2007-1383
    CVE-2007-1380
    CVE-2007-1824
    CVE-2007-0906
    CVE-2007-1376
    CVE-2007-1452
    CVE-2007-1453
    Cisco IOS Crafted IP Remote Code Execution Routers and switches running Cisco IOS and Cisco IOS XR may be vulnerable to a remote code execution attack in IP header processing. The vulnerability may be exploited in ICMP, PIMv2, PGM, or URD packets containing a malicious header.

    Fix:Update to the appropriate IOS version.

    CVE-2007-0480
    Microsoft Exchange Server Multiple Vulnerabilities (931832) - POP3 Multiple vulnerabilities have been identified in various components of Microsoft Exchange Server. The most severe of these allow remote code execution on the system running Exchange Server. The others allow denial of service attacks and OWA script injection.

    Fix:Download the update from Microsoft or through automatic updates.

    CVE-2007-0220
    CVE-2007-0221
    CVE-2007-0039
    CVE-2007-0213
    Microsoft Exchange Server Multiple Vulnerabilities (931832) - IMAP Multiple vulnerabilities have been identified in various components of Microsoft Exchange Server. The most severe of these allow remote code execution on the system running Exchange Server. The others allow denial of service attacks and OWA script injection.

    Fix:Download the update from Microsoft or through automatic updates.

    CVE-2007-0220
    CVE-2007-0221
    CVE-2007-0039
    CVE-2007-0213
    Namazu Multiple Vulnerabilities - May 2007 Multiple vulnerabilities exist in Namazu, including XSS and directory traversal, which could allow information disclosure.

    Fix:Update to Namazu 2.0.17

    Samba Multiple Buffer Overflow Vulnerabilities - May 2007 Multiple heap buffer overflow vulnerabilities, as well as command injection and privilege escalation bugs, have been identified in Samba 3 before 3.0.25 (including the 3.0.25 release candidates). The buffer overflows can allow remote code execution, allowing an attacker to take full control of the Samba server. Note: this audit will produce a false positive result if the source patch was installed on 3.0.24 instead of updating to 3.0.25.

    Fix:Update to version 3.0.25 or later of Samba.

    CVE-2007-2446
    CVE-2007-2447
    CVE-2007-2444
    Samba Multiple Buffer Overflow Vulnerabilities - May 2007 - Remote Multiple heap buffer overflow vulnerabilities, as well as command injection and privilege escalation bugs, have been identified in Samba 3 before 3.0.25 (including the 3.0.25 release candidates). The buffer overflows can allow remote code execution, allowing an attacker to take full control of the Samba server.

    Fix:Update to version 3.0.25 or later of Samba.

    CVE-2007-2446
    CVE-2007-2447
    CVE-2007-2444
    Microsoft IIS 5 Hit-highlighting Authentication Bypass Microsoft IIS 5.0 and 5.1 are vulnerable to authentication bypass from hit-highlighting with Webhits.dll. An attacker could exploit this issue to gain access to private files hosted on an IIS server. It is speculated that an attacker from a trusted zone could execute arbitrary commands on the server. (Note: This audit will query the HTTP server for the hit-highlighting component used by exploit code and may produce false positives on servers using workaround solutions.)

    Fix:Refer to the Microsoft Knowledge Base Article (KB328832) for detailed workaround solutions.

    ISC BIND Remote Cache Poisoning Vulnerability - UNIX/Linux BIND 9 is vulnerable to a remote DNS cache poisoning attack that would allow an attacker to corrupt entries within an affected system. By corrupting the data, the attacker could cause outgoing network traffic to be redirected to a potentially malicious system. (Note: This audit checks for builds using source code found on ISC.org and may cause false positives with vendor specific backports.)

    Fix:Update to version(s) 9.2.8-P1, 9.3.4-P1, 9.4.1-P1, or 9.5.0a6

    CVE-2007-2926
    Cisco IOS Secure Copy Authorization Bypass A vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem without privilege levels being checked.

    Fix:Update Cisco IOS to the appropriate fixed release.

    CVE-2007-4263
    HP Openview Multiple Remote Vulnerabilities - August 2007 Hewlett-Packard (HP) has reported a new vulnerability affecting multiple HP Openview products. Successful exploitation of this vulnerability would allow an attacker to execute remote code with administrative rights.

    Fix:OpenView has been detected on this system. Visit the vendor page to ensure you have applied the appropriate hotfixes and are currently up to date with patches.

    CVE-2007-3872
    Trend Micro ServerProtect Multiple RPC Vulnerabilities Trend Micro ServerProtect software suite is vulnerable to 7 buffer overflows within multiple RPC interfaces which could lead to a denial of service condition or remote code execution in the context of SYSTEM if successful.

    Fix:Apply Security Patch Build 1185

    CVE-2007-1070
    CVE-2007-4219
    CVE-2007-4218
    ISC BIND 8 Remote DNS Cache Poisoning BIND 8 is vulnerable to a remote DNS cache poisoning attack that would allow an attacker to corrupt entries within an affected system. By corrupting the data, the attacker could cause outgoing network traffic to be redirected to a potentially malicious system.

    Fix:Update to versions 8.4.7-P1 or 9.4.1-P1 or newest BIND release.

    CVE-2007-2930
    Cisco IOS EAP Denial of Service A denial of service vulnerability exists within Cisco IOS Extensible Authentication Protocol (EAP). An attacker may exploit this by sending a specially crafted EAP Response Identity packet to cause the target EAP-enabled device to reload.

    Fix:Update your software version as directed in the Cisco advisory.

    CVE-2007-5651
    Apache httpd 2.2.6 Update Apache Software Foundation has issued an update for Apache httpd 2.2.x that addresses Denial of Service, Cross Site Scripting, and Information Disclosure vulnerabilities.

    Fix:Update version to Apache httpd 2.2.6 or later.

    CVE-2007-1862
    CVE-2007-3847
    CVE-2007-3304
    CVE-2006-5752
    CVE-2007-1863
    Exim Pipe Hostname Remote Command Execution A vulnerability exists in Exim when handling the pipe symbol in a hostname that could allow remote execution of arbitrary commands.

    Fix:Upgrade to Exim 3.36 or latest version.

    CVE-2001-0889
    CVE-2001-0690
    Cisco Firewall Services Module Denial of Service A remote denial of service vulnerability exists in Cisco Firewall Services Module (FWSM) when handling malformed network packets.

    Fix:Upgrade to FWSM software version 3.2(4)

    CVE-2007-5584
    DDC RtspVaPgCtrl ActiveX Control Buffer Overflow (Zero-Day) A buffer overflow vulnerability exists in Digital Data Communications RtspVaPgCtrl ActiveX Control that could allow execution of arbitrary code in the context of the logged in user.

    Fix:The best form of mitigation is available by kill-bitting the CLSID for the RtspVaPgCtrl ActiveX Control (CLSID: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2}) by following the directions of Microsoft KB240797.

    CVE-2008-0380
    ISC BIND inet_network() Off-by-One Buffer Overflow ISC BIND contains an off-by-one buffer overflow vulnerability in the inet_network() libc library function. Any applications linked against the libbind library could be exploited to cause a denial of service or execute arbitrary code.

    Fix:Install updated packages from appropriate vendor, or install updated version from the ISC BIND website.

    CVE-2007-6283
    CVE-2008-0122
    Citadel makeuserkey() Buffer Overflow The Citadel SMTP service contains a buffer overflow vulnerability in the makeuserkey() function that could allow execution of arbitrary code in the context of the running service.

    Fix:Upgrade Citadel to version 7.24 or newer.

    IBM WebSphere 6.0.2 Fix Pack 25 IBM has released Fix Pack 25 for WebSphere Application Server that addresses multiple remote vulnerabilities, including a buffer-handling vulnerability, information disclosure vulnerabilities, and several others with unspecified impacts.

    Fix:Install IBM WebSphere Fix Pack 25 (6.0.2.25) or latest release.

    Cisco PIX and ASA Time-to-Live Denial of Service A denial of service vulnerability exists in Cisco PIX and ASA appliances Time-to-Live decrement feature when processing malformed IP packets. This can be exploited to cause the affected device to reload.

    Fix:Apply vendor supplied fix.

    CVE-2008-0028
    Windows Vista TCP/IP DHCP Denial Of Service Vulnerability (946456) A denial of service vulnerability exists in TCP/IP processing in Windows Vista. An attacker could exploit the vulnerability by creating a specially crafted DHCP server that returns a specially crafted packet to a host, corrupting TCP/IP structures and causing the affected system to stop responding and automatically restart.

    Fix:Apply KB946456 through Microsoft's website or through Automatic Updates. This update supersedes MS08-001 for Windows Vista.

    CVE-2008-0084
    Microsoft IIS File Change Notification Privilege Elevation (942831) - IIS 5.1/6 A local elevation of privilege vulnerability exists in the way that the Internet Information Service handles file change notifications in the FTPRoot, NNTPFile\Root, and WWWRoot folders. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of local system.

    Fix:Apply KB942831 from Microsoft's website or through Automatic Updates.

    CVE-2008-0074
    Kerio MailServer Multiple Vulnerabilities Kerio MailServer contains buffer overflow and memory corruption vulnerabilities, as well as other security issues, that could be exploited to allow an attacker to execute arbitrary code or cause a denial of service.

    Fix:Upgrade to Kerio MailServer 6.5.0

    IIS Content-Location Internal IP Exposure An information leak vulnerability exists within IIS versions 4.0, 5.0, 5.1, and 6.0 that may allow for an attacker to obtain the private internal IP address of the affected system by viewing the Content-Location header. Private internal IP addresses that are typically hidden or masked behind a NAT Firewall or a proxy server may also be exposed.

    Fix:IIS 4.0, 5.0, and 5.1 users should configure the Content-Location header to reference a Fully Qualified Domain Name (FQDN) or Hostname. This is further detailed in Microsoft Knowledge Base Article 218180. IIS 6.0 users should install the supplied hotfix and configure the Content-Location header to reference a Fully Qualified Domain Name (FQDN) or Hostname. This is further detailed in Microsoft Knowledge Base Article 834141.

    Apache httpd Multiple Versions Update Apache Software Foundation has issued an update for Apache httpd 2.2.x, 2.0.x, and 1.3.x that addresses multiple vulnerabilities with various impacts, including: denial of service conditions, execution of arbitrary script code via cross site scripting, and cross site request forgery.

    Note: This audit may report false findings on vendor-specific Apache backports and versions that are not fully configured with affected modules.

    Fix:Upgrade to Apache httpd 2.2.8, 2.0.63, or 1.3.41, or newest available version.

    CVE-2008-0005
    CVE-2007-6388
    CVE-2007-6422
    CVE-2007-6420
    CVE-2007-5000
    CVE-2007-6421
    Apache Tomcat Multiple Versions Update Apache Software Foundation has issued an update for Apache Tomcat 6.0.x, 5.5.x, and 4.1.x that addresses multiple vulnerabilities with various impacts, including: disclosure of sensitive information, execution of arbitrary script code via cross site scripting, session hijacking, privilege escalation, and manipulation of data.

    Fix:Upgrade to Apache Tomcat 6.0.16, 5.5.26, or 4.1.37, or newest available version.

    CVE-2007-5461
    CVE-2007-5333
    CVE-2007-6286
    CVE-2008-0002
    CVE-2007-5342
    Livebox TP Router ADI Convergence Galaxy FTP Server Denial of Service A buffer overflow vulnerability exists in versions of Livebox TP Routers running the ADI Convergence Galaxy FTP Server that could cause a denial of service.

    Fix:Disable or restrict network access to the FTP Service.

    Fedora update for nx - March 2008 Multiple integer overflow vulnerabilities exist in nx for Fedora 8 due to its use of vulnerable XFree86 code. Successful exploitation could cause a denial of service condition, or could allow remote execution of arbitrary code.

    Fix:Upgrade nx packages to 3.1.0-25.1 or newest release.

    CVE-2006-1861
    Virtual Environment Detected A virtual environment has been detected on the target system.

    Fix:This audit checks the target MAC address to determine if the machine is running in a virtual environment such as VMWare, Parallels, or Microsoft Virtual PC.

    McAfee ePolicy Orchestrator Framework Format String A format string vulnerability exists in the McAfee ePolicy Orchestrator Framework Service (FrameworkService.exe) when processing malformed packets that could cause a denial of service condition, or could allow execution of arbitrary code. This vulnerability affects all systems that use the ePO Framework. Typically the vulnerable port is UDP/8082, but may be configured by administrators to be another port. The Retina audit will test any detected HTTP server, regardless of port.

    Fix:Apply CMA 3.6.0 Patch 3 (3.6.0.595). Note: This vulnerability is said to be exploitable only when the debug level is set to 8; however, the software is still inherently vulnerable and therefore should be patched as soon as possible.

    CVE-2008-1357
    HP OpenView Network Node Manager ovspmd Buffer Overflow HP OpenView Network Node Manager (NNM) contains a buffer overflow vulnerability in the ovspmd service (TCP/8886) when processing malformed packets. Successful exploitation of this vulnerability could cause denial of service conditions, or potentially allow execution of arbitrary code.

    Fix:Restrict network access to the ovspmd service.

    PHP 5 php_sprintf_appendstring() Remote Integer Overflow An integer overflow vulnerability exists in PHP 5.2.5 and prior that could allow context-dependent attackers to remotely execute arbitrary code or cause denial of service conditions. This vulnerability is due to the "php_sprintf_appendstring()" function of "formatted_print.c" failing to check the boundaries of integer values. Successful exploitation requires the webserver to be serving an arbitrary PHP application that uses the affected function.

    Fix:Apply the CVS patch available from PHP, or update to PHP 5.2.6 or newest release.

    CVE-2008-1384
    WordPress PHP Code Execution and Cross Site Scripting Two vulnerabilities exist in WordPress that could allow remote users to conduct cross site scripting attacks and bypass security restrictions. The first vulnerability allows an attacker to bypass the administrative security authentication via a specially crafted cookie. Successful exploitation of this vulnerability grants the attacker administrative access and could potentially allow arbitrary PHP code to be executed. The second vulnerability allows an attacker to insert arbitrary HTML or script code via an unspecified PHP parameter.

    Fix:Update to WordPress 2.5.1 or newer.

    CVE-2008-1930
    PHP Multiple Vulnerabilities (200805) Multiple vulnerabilities exist in PHP that could allow attackers to bypass security restrictions, cause denial of service conditions, or compromise a system. These vulnerabilities include a buffer overflow in the FastCGI SAPI, an unspecified error when processing incomplete multibyte characters in escapeshellcmd(), an error in cURL that allows a bypass of the safe_mode directive, a buffer overflow in PCRE, a length calculation error of PATH_TRANSLATED in cgi_main.c, and predictable seed values generated by the GENERATE_SEED macro.

    Note: This audit is designed for versions of PHP obtained from PHP.net and may report false findings with vendor specific backports.

    Fix:Update to PHP 5.2.6 or newer, PHP 4.4.8 or newer, or newest available vendor-supplied PHP packages.

    CVE-2008-2050
    CVE-2008-2108
    CVE-2008-0599
    CVE-2008-2107
    CVE-2008-0674
    CVE-2008-2051
    Samba Receive_SMB_Raw Buffer Overflow Samba contains a buffer overflow vulnerability in the receive_smb_raw function when parsing malformed SMB responses. Successful exploitation could allow execution of arbitrary code or could cause denial of service conditions.

    Note: This audit may report false findings on systems running backported versions of Samba.

    Fix:Install updated packages from the appropriate vendor, or install the updated version from the Samba website.

    CVE-2009-0022
    CVE-2008-1105
    CVE-2008-3789
    CVE-2008-4314
    Apache Tomcat mod_jk Connector URI Worker Map Buffer Overflow A buffer overflow exists in the map_uri_to_worker function in the mod_jk connector for Apache Tomcat when processing malformed URLs. Successful exploitation could allow execution of arbitrary code or could cause denial of service conditions. (Note: This audit is for versions of mod_jk obtained from Tomcat.Apache.org and may report false findings with vendor specific backports.)

    Fix:Update the mod_jk connector to 1.2.21 or newest release.

    CVE-2007-0774
    ISC BIND Domain Name System Cache Poisoning A vulnerability exists in ISC BIND that could allow an attacker to introduce forged DNS information into the cache of a caching nameserver due to weak entropy of DNS transaction IDs and source ports. Successful exploitation allows for redirection of Internet traffic from legitimate locations to arbitrary locations and vice versa. (Note: This audit may report false findings due to vendor specific backports of ISC BIND.)

    Fix:Install updated packages from the appropriate vendor, or install the updated version from the ISC BIND website.

    CVE-2008-1447
    Xerox ESS/Network Controller and MicroServer "WebUI" Vulnerability An unspecified vulnerability exists in the ESS/Network Controller and MicroServer "WebUI" on multiple Xerox devices that could allow arbitrary command execution.

    Fix:Update Xerox WorkCentre, WorkCentre Pro, and/or DocumentCentre devices to the appropriate version specified in the Xerox Advisory, or update to the newest available version.

    CVE-2006-5290
    Apache Environment Variable Conf File Buffer Overflow - IBM HTTP Server A buffer overflow exists within Apache versions 2.0 through 2.0.50 when expanding environment variables in a .htaccess or httpd.conf config file. This may allow a local attacker to create a malicious config file that overflows a buffer and executes arbitrary code.

    Fix:Upgrade to the latest version of Apache.

    CAN-2004-0747
    Apache mod_proxy Buffer Overflow - IBM HTTP Server A buffer overflow vulnerability exists within the mod_proxy module of Apache 1.3.26 – 1.3.31 that may allow an attacker to cause the service to stop responding and/or execute arbitrary code.

    Fix:Upgrade to the latest version or disable mod_proxy.

    CVE-2004-0492
    Apache 2.0.44 LineFeed Denial of Service - IBM HTTP Server A vulnerability exists within Apache version 2.0.44 and prior due to an exception handling error that could cause system resource exhaustion and/or cause the service to stop responding.

    Fix:Upgrade to Apache 2.0.45 or newer, or upgrade to the appropriate vendor-specific release.

    CVE-2003-0132
    Apache 2.0.45 APR_PSPrintf Memory Corruption - IBM HTTP Server A memory corruption vulnerability exists within Apache version 2.0.45 and prior in the apr_sprintf() runtime library, which may be exploited by an attacker through mod_dav or any other components in order to execute arbitrary code.

    Fix:Upgrade to Apache version 2.0.46 or later.

    CVE-2003-0245
    ISC BIND Domain Name System Cache Poisoning - Cisco IOS A vulnerability exists in ISC BIND that could allow an attacker to introduce forged DNS information into the cache of a caching nameserver due to weak entropy of DNS transaction IDs and source ports. Successful exploitation allows for redirection of Internet traffic from legitimate locations to arbitrary locations and vice versa.

    Fix:Install updated packages from the appropriate vendor, or install the updated version from the ISC BIND website.

    CVE-2008-1447
    Oracle Critical Patch Update CPU-JUL-2008 - WebLogic Oracle has released their quarterly Critical Patch Update (CPU-JUL-2008) announcing multiple vulnerabilities in several Oracle products. Forty-five vulnerabilities have been identified which could allow arbitrary SQL code injection, disclosure of sensitive information, execution of arbitrary commands, data manipulation, security bypass, or cause a denial of service to the Database Server if successfully exploited.

    Fix:Install the Oracle July 2008 Critical Patch Update.

    CVE-2008-2577
    CVE-2008-2612
    CVE-2008-2616
    CVE-2008-2607
    CVE-2008-2615
    CVE-2008-2595
    CVE-2008-2610
    CVE-2008-2608
    CVE-2008-2590
    CVE-2008-2598
    CVE-2008-2617
    CVE-2008-2621
    CVE-2008-2602
    CVE-2008-2603
    CVE-2008-2606
    CVE-2008-2620
    CVE-2008-2589
    CVE-2008-2600
    CVE-2008-2581
    CVE-2008-2593
    CVE-2008-2579
    CVE-2007-1359
    CVE-2008-2599
    CVE-2008-2591
    CVE-2008-2585
    CVE-2008-2597
    CVE-2008-2582
    CVE-2008-2604
    CVE-2008-2587
    CVE-2008-2601
    CVE-2008-2576
    CVE-2008-2605
    CVE-2008-2594
    CVE-2008-2609
    CVE-2008-2618
    CVE-2008-2613
    CVE-2008-2580
    CVE-2008-2583
    CVE-2008-2596
    CVE-2008-2611
    CVE-2008-2586
    CVE-2008-2614
    CVE-2008-2622
    CVE-2008-2592
    CVE-2008-2578
    Mozilla Products Multiple Vulnerabilities (July 2008) - Fedora 9 Multiple vulnerabilities exist in Mozilla products (Firefox, Thunderbird, SeaMonkey) that could allow execution of arbitrary code, injection of arbitrary script or HTML code, spoofing attacks, security bypass, and/or disclosure of sensitive information.

    Fix:Update to Firefox 3.0.1, Firefox 2.0.0.16, Thunderbird 2.0.0.16, SeaMonkey 1.1.11, or a newer version of these products.

    CVE-2008-2933
    CVE-2008-2785
    CVE-2008-2934
    CVE-2008-3198
    Microsoft Office OneNote URI Remote Code Execution (955047) - Office 2003 Microsoft Office OneNote contains a vulnerability when handling malformed OneNote URIs (onenote://). Successful exploitation of this vulnerability could allow remote execution of arbitrary code.

    Fix:Install the appropriate patch from Microsoft or through Windows Update.

    CVE-2008-3007
    TWiki Configuration Script Command Execution TWiki (prior to 4.2.3) contains a vulnerability in its configuration script that could allow attackers to execute arbitrary commands or view arbitrary configuration files on the affected system.

    Fix:Update TWiki to version 4.2.3 or newer.

    CVE-2008-3195
    HP OpenView Multiple Remote Vulnerabilities (20081008) Hewlett-Packard (HP) has reported multiple remote vulnerabilities in OpenView Network Node Manager (OV NNM). Successful exploitation of these vulnerabilities could allow disclosure of potentially sensitive information, execution of arbitrary code, or could cause a denial of service on the affected system.

    Fix:Install the appropriate vendor supplied patch.

    CVE-2008-1852
    CVE-2008-1853
    CVE-2008-3536
    CVE-2008-3545
    CVE-2008-1851
    CVE-2008-3537
    CVE-2008-0068
    CVE-2008-3544
    Oracle Critical Patch Update CPU-OCT-2008 - WebLogic Oracle has released their quarterly Critical Patch Update (CPU-OCT-2008) announcing multiple vulnerabilities in several Oracle products. Thirty-six vulnerabilities have been identified which could affect confidentiality, integrity, and availability if successfully exploited.

    Note: This audit requires the "Send Server Header" option to be enabled.

    Fix:Oracle Products
    Install the Oracle October 2008 Critical Patch Update.

    BEA/Oracle WebLogic
    Manually verify that the appropriate patches are installed.

    CVE-2008-3998
    CVE-2008-4002
    CVE-2008-3985
    CVE-2008-4008
    CVE-2008-3976
    CVE-2008-4005
    CVE-2008-3996
    CVE-2008-3986
    CVE-2008-4009
    CVE-2008-3977
    CVE-2008-3983
    CVE-2008-3989
    CVE-2008-3975
    CVE-2008-4013
    CVE-2008-3991
    CVE-2008-3982
    CVE-2008-4003
    CVE-2008-3984
    CVE-2008-3988
    CVE-2008-4011
    CVE-2008-3987
    CVE-2008-3994
    CVE-2008-4001
    CVE-2008-3990
    CVE-2008-3992
    CVE-2008-2625
    CVE-2008-3980
    CVE-2008-4004
    CVE-2008-4012
    CVE-2008-2624
    CVE-2008-4010
    CVE-2008-3993
    CVE-2008-4000
    CVE-2008-2619
    CVE-2008-2588
    CVE-2008-3995
    Apache Tomcat XSS and Security Bypass (200807) Two cross-site scripting vulnerabilities have been identified in Apache Tomcat that could allow attackers to inject arbitrary script or HTML code. In addition to these vulnerabilities, a security bypass exists when processing malformed RequestDispatcher query strings that could allow restricted content to be accessed. (Note: This audit is for versions of Tomcat obtained from Tomcat.Apache.org and may report false findings with vendor specific backports.)

    Fix:Upgrade Apache Tomcat to versions 6.0.18, 5.5.SVN, or 4.1.SVN, or newest release.

    CVE-2008-1947
    CVE-2008-2370
    CVE-2008-1232
    Microsoft PowerPoint Remote Code Execution (949785) - 2007 Compatibility Pack Microsoft PowerPoint contains multiple vulnerabilities when handling malformed PowerPoint files. Successful exploitation could allow execution of arbitrary code.

    Fix:Install the appropriate patch from Microsoft or through Windows Update.

    CVE-2008-0120
    CVE-2008-1455
    CVE-2008-0121
    WordPress user_login SQL Column Truncation Vulnerability WordPress contains an SQL column truncation vulnerability in the user registration process that could allow an attacker to create an arbitrary username in order to fake the context of another user (e.g. "admin"). An attacker can then leverage this vulnerability to reset a user's password with a randomly generated password. Due to weak cryptographic secrets, it is possible for the attacker to brute-force the randomly generated password and gain access to the user's account.

    Fix:Update WordPress to version 2.6.2 or newer.

    ISC BIND for Windows UDP Client Handler Denial of Service ISC BIND for Windows contains an unspecified vulnerability when processing malformed UDP packets that could cause the UDP client handler to shut down. Successful exploitation causes a denial of service.

    Fix:Update ISC BIND for Windows to version 9.5.0-P2-W2, 9.4.2-P2-W2, 9.3.5-P2-W2, or newest release.

    CVE-2008-4163
    Apache mod_proxy_ftp Cross-Site Scripting Apache contains a vulnerability in the "mod_proxy_ftp" module that could allow attackers to conduct cross-site scripting attacks via wildcards in the path of the proxied FTP URI. Successful exploitation allows execution of arbitrary HTML or script code.

    Fix:Upgrade to Apache 2.2.10 or newer, or apply appropriate vendor-supplied patch.

    CVE-2008-2939
    IBM WebSphere Multiple Vulnerabilities (200807-08) IBM WebSphere (6.1.x and 6.0.x) contains multiple vulnerabilities that could allow security restrictions to be bypassed, allow revoked X509 certificates to remain active, or cause denial of service conditions. Note: Several other vulnerabilities have been identified that have unspecified impacts.

    Fix:Install Fix Pack 19 for 6.1.0 (6.1.0.15), Fix Pack 31 for 6.0.2 (6.0.2.31), or newest available release.

    CVE-2008-4111
    Cisco PIX and ASA Multiple Vulnerabilities (20081022) Cisco PIX Security Appliances and Adaptive Security Appliances (ASA) contain multiple vulnerabilities that could cause the device to reload, allow VPN authentication to be bypassed, or cause the device to consume excessive amounts of memory.

    Fix:Update to the appropriate fixed release.

    CVE-2008-3815
    CVE-2008-3817
    CVE-2008-3816
    OpenSSL SSL_get_shared_ciphers Vulnerability Vulnerabilities exist in OpenSSL's SSL_get_shared_ciphers function that could allow execution of arbitrary code. (Note: This audit checks for builds using source code found on OpenSSL.org and may cause false positives with vendor specific backports.)

    Fix:Upgrade to OpenSSL 0.9.8f or above, or install updated vendor specific packages.

    CVE-2007-5135
    OpenSSL DTLS Vulnerability Vulnerabilities exist in OpenSSL's DTLS implementation that could allow execution of arbitrary code. (Note: This audit checks for builds using source code found on OpenSSL.org and may cause false positives with vendor specific backports.)

    Fix:Upgrade to OpenSSL 0.9.8f or above, or install updated vendor specific packages.

    CVE-2007-4995
    OpenSSL DSA/ECDSA Signature Verification Vulnerability - Server OpenSSL contains a vulnerability when performing signature checks on Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) keys used with the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocols. Successful exploitation allows an attacker running a malicious OpenSSL server to bypass certificate signature validation and gain access to potentially sensitive information.

    Note: This audit is designed for versions obtained from OpenSSL.org and may report false findings with vendor specific backports. As such, it may be necessary to verify the finding using a credential-based check.

    Fix:Upgrade software using vulnerable versions of OpenSSL libraries and/or upgrade OpenSSL to version 0.9.8j or newer.

    CVE-2008-5077
    CVE-2009-0021
    Oracle Critical Patch Update CPU-JAN-2009 - WebLogic Oracle has released their quarterly Critical Patch Update (CPU-JAN-2009) announcing multiple vulnerabilities in several Oracle products. Forty-one vulnerabilities have been identified which could affect confidentiality, integrity, and availability if successfully exploited.

    Note: This audit requires the "Send Server Header" option to be enabled.

    Fix:Oracle Products
    Install the Oracle January 2009 Critical Patch Update.

    BEA/Oracle WebLogic
    Manually verify that the appropriate patches are installed.

    CVE-2008-3973
    CVE-2008-5444
    CVE-2008-5436
    CVE-2008-5457
    CVE-2008-5439
    CVE-2008-5448
    CVE-2008-3999
    CVE-2008-4016
    CVE-2008-3997
    CVE-2008-4015
    CVE-2008-5445
    CVE-2008-3978
    CVE-2008-4017
    CVE-2008-3979
    CVE-2008-5437
    CVE-2008-5460
    CVE-2008-5463
    CVE-2008-4006
    CVE-2008-5454
    CVE-2008-5456
    CVE-2008-5455
    CVE-2008-4014
    CVE-2008-5459
    CVE-2008-5438
    CVE-2008-5440
    CVE-2008-5451
    CVE-2008-5447
    CVE-2008-5458
    CVE-2008-3981
    CVE-2008-5450
    CVE-2008-4007
    CVE-2008-5441
    CVE-2008-3974
    CVE-2008-5461
    CVE-2008-2623
    CVE-2008-5446
    CVE-2008-5462
    CVE-2008-5443
    CVE-2008-5442
    CVE-2008-5449
    CVE-2008-5452
    Microsoft Windows SMB Remote Code Execution (958687) - Remote Microsoft Windows Server Message Block (SMB) Protocol contains multiple vulnerabilities when handling malformed SMB packets. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM privileges or could cause the system to stop responding and restart.

    Fix:Install the appropriate patch from Microsoft or through Windows Update.

    CVE-2008-4835
    CVE-2008-4114
    CVE-2008-4834
    Weak SSL MD5 Signing Authority Detected Retina has detected an SSL signing authority that is known to use a cryptographically weak MD5 hash. An attacker may be able to predict the signed contents of the certificate thereby allowing a rogue certificate to be created. The rogue certificate could then be used to bypass signature verification and allow the attacker to compromise the confidentiality and integrity of the data, in addition to the authenticity of the certificate.

    Fix:Consider migrating to another Certificate Authority or upgrading to a certificate with a more secure signing algorithm.

    Known Organizational Units to use insecure MD5 signing include:

  • Equifax Secure Global eBusiness CA-10
  • UTN-USERFirst-Network Applications
  • TC TrustCenter Class 3 CA
  • Secure Server Certification Authority
  • Thawte Premium Server CA
  • International Server CA - Class 3
    CVE-2004-2761
    PHP 5.2.7 Magic Quotes GPC Security Bypass The Magic Quotes GPC directive is responsible for escaping incoming HTTP request data (GET, POST, and COOKIE) to a PHP script. PHP 5.2.7 contains a bug in the magic_quotes_gpc directive that causes it to remain disabled when it is explicitly set to be enabled. This could be leveraged by an attacker to send unescaped and potentially malformed HTTP GET, POST, and/or COOKIE requests to an affected script.

    Fix:PHP has officially removed version 5.2.7 from public distribution. It is recommended that PHP be upgraded to a newer version.

    SquirrelMail HTML Mail Message Script Insertion SquirrelMail contains a vulnerability when handling malformed HTML e-mail messages that could allow attackers to inject arbitrary HTML or script code within a user's browser session.

    Fix:Upgrade SquirrelMail to 1.4.17 or newer.

    CVE-2008-2379
    Linksys WVC54GC Wireless Video Camera Information Disclosure The Linksys WVC54GC wireless video camera contains a vulnerability when processing a specially crafted packet that has been transmitted to its remote management port (UDP/916). Successful exploitation could allow disclosure of sensitive information such as video streams, wireless network credentials, and device authentication credentials. This could be further leveraged to modify the device firmware or cause a denial of service to the video camera.

    Fix:Upgrade the Linksys WVC54GC firmware to version 1.25 or newer.

    CVE-2008-4390
    Openfire Server Multiple Vulnerabilities (20081114) Openfire Real-Time Collaboration Server contains multiple vulnerabilities that could allow attackers to inject arbitrary SQL code, bypass administration console authentication, and/or conduct cross-site scripting attacks.

    Fix:Upgrade Openfire to version 3.6.1 or newer.

    CVE-2006-7233
    Apache mod_ssl SSLCipherSuite Security Bypass The mod_ssl module in Apache 2 (2.0.35 through 2.0.52) contains a vulnerability in the SSLCipherSuite directive that could allow an attacker to bypass security restrictions.

    Fix:Update Apache to 2.0.53 or newest available release.

    CVE-2004-0885
    Ipswitch WS_FTP Server Manager Security Bypass Ipswitch WS_FTP Server contains a vulnerability within the WS_FTP Server Manager that could allow access restrictions to be bypassed. Successful exploitation allows an attacker to gain access to sensitive information (e.g. log view interface).

    Fix:Upgrade WS_FTP Server to 6.1.1.0 or newer.

    Microsoft Server Service Remote Code Execution (958644) - Remote Microsoft Windows contains a vulnerability in the server service when processing malformed RPC requests. Successful exploitation could allow execution of arbitrary code or could cause a denial of service condition.

    Fix:Install the appropriate patch from Microsoft or through Windows Update.

    CVE-2008-4250
    Blue Coat ICAP Patience Page Cross-Site Scripting Blue Coat Proxy Security Gateway Operating System (SGOS) contains a vulnerability in the Internet Content Adaptation Protocol (ICAP) patience page that could allow injection of arbitrary HTML or script code. Successful exploitation allows attackers to conduct cross-site scripting attacks.

    Fix:Upgrade to 4.2.9, 5.2.5, 5.3.1.7, or newest release.

    CVE-2008-4485
    Cisco IOS HTTP Server Cross-Site Scripting (20090114) Cisco IOS contains multiple vulnerabilities within its HTTP Server that could be leveraged by remote users to conduct cross-site scripting attacks.

    Fix:Update Cisco IOS to the appropriate fixed release, or follow suggested workarounds listed within the Cisco Advisory.

    CVE-2008-3821
    Apache Environment Variable Conf File Buffer Overflow A buffer overflow exists within Apache versions 2.0 through 2.0.50 when expanding environment variables in a .htaccess or httpd.conf config file. This may allow a local attacker to create a malicious config file that overflows a buffer and executes arbitrary code.

    Fix:Upgrade to the latest version of Apache.

    CAN-2004-0747
    Conficker Worm Detected Retina has detected that the host may be infected by the Conficker worm. The Conficker worm utilizes a variety of attack vectors to transmit and receive payloads, including software vulnerabilities (e.g. MS08-067), portable media devices (e.g. USB thumb drives and hard drives), and endpoint weaknesses (e.g. weak passwords on network-enabled systems). The Conficker worm will also spawn remote access backdoors on the system and attempt to download additional malware to further infect the host.

    Fix:The system should be immediately disconnected from the network and properly disinfected. Any removable media storage devices plugged into the infected host should also be disinfected.

    HP LaserJet Web Server Unspecified Admin Component Traversal Arbitrary File Access The remote web server is an embedded web server for an HP LaserJet printer. The version of the firmware reported by the printer is reportedly affected by a directory traversal vulnerability. Because the printer caches printed files, an attacker could exploit this in order to gain access to sensitive information.

    Fix:Ensure that device firmware is upgraded to the newest available version.

    CVE-2008-4419
    Linksys WVC54GC Wireless Internet Camera Default Credentials Retina has detected that the Linksys WVC54GC Compact Wireless-G Internet Video Camera is using the factory-default management credentials. An attacker can use these credentials to gain access to or modify specific information stored on the host, such as security settings and video streams, which could result in the compromise of the overall confidentiality and integrity of the device.

    Fix:Change the factory-default username and/or password. Manually ensure that no settings have been tampered with and that the device firmware is upgraded to the newest available version.

    FastCGI echo Information Disclosure FastCGI contains a flaw in its "echo" CGI script that could allow attackers to obtain extensive information about the system. This information could include, but may not be limited to: application paths, configuration settings, versions, server addresses, hostnames, e-mail addresses, and environment variables.

    Fix:Restrict access to the "echo" script, remove FastCGI sample scripts, or remove FastCGI packages from the system.

    BlackBerry Enterprise Server MDS Connection Service Cross-Site Scripting BlackBerry Enterprise Server contains an input validation error in the "ConfigureStatistics" script of the MDS Connection Service that could allow injection/execution of arbitrary HTML or script code.

    Fix:Apply appropriate vendor supplied patch or upgrade affected product to the newest available version.

    CVE-2009-0307
    IBM WebSphere Application Server Multiple Vulnerabilities (200904) IBM WebSphere Application Server (WAS) contains multiple vulnerabilities that could be exploited to bypass security restrictions, conduct cross-site scripting attacks, steal authentication credentials, view or execute files, or obtain sensitive system information.

    Fix:Apply appropriate vendor-supplied patch and/or fix pack.

  • WebSphere Application Server 7.0: Apply Fix Pack 3 or newer.
  • WebSphere Application Server 6.1: Apply Fix Pack 23 or newer.
  • WebSphere Application Server 6.0: Upgrade to 6.0.2.33 and apply Interim Fix APAR PK81387.
  • WebSphere Application Server 5.1: Upgrade to 5.1.1.19 and apply Interim Fix APAR PK81387.
    CVE-2009-0855
    CVE-2009-0856
    CVE-2009-0508
    CVE-2009-0891
    IBM WebSphere Application Server Multiple Vulnerabilities (200902) IBM WebSphere Application Server (WAS) contains multiple vulnerabilities that could be exploited to obtain sensitive system information, split HTTP responses, cause denial of service conditions, or bypass security restrictions. Other vulnerabilities also exist that have unspecified impacts.

    Fix:Apply appropriate vendor-supplied patch or fix pack.

    CVE-2009-0434
    CVE-2009-0435
    CVE-2008-4283
    CVE-2008-4284
    CVE-2009-0432
    CVE-2009-0438
    CVE-2009-0436
    CVE-2009-0433
    HP OpenView Network Node Manager Multiple Vulnerabilities (20090204) HP OpenView Network Node Manager (NNM) contains multiple vulnerabilities that could be remotely exploited to disclose the location of log directories, disclose configuration details, execute arbitrary commands, cause denial of service conditions, or execute arbitrary code.

    Fix:Install the appropriate vendor-supplied patch.

    CVE-2008-4561
    CVE-2008-4560
    CVE-2008-4562
    CVE-2009-0205
    CVE-2008-4559
    Sun Java System Application Server Detected Retina has detected a Sun Java System Application Server on the targeted host. Sun Application Server is known to contain a vulnerability that could allow the contents of certain files to be accessed by unauthorized users.

    Fix:This is an informational check. Sun Java System Application Server was detected on the targeted host. Manually verify that it is upgraded to the newest available version and that all relevant security patches are installed.

    CVE-2009-0278
    Cisco Security Manager Detected Retina has detected that Cisco Security Manager is installed on the targeted host. Cisco Security Manager contains a known vulnerability when used with the Cisco IPS Event Viewer (IEV) that could allow a remote unauthenticated user to gain root access to the IEV database and server.

    Fix:This is an informational check. Manually verify that Cisco Security Manager is upgraded to the newest available version.

    CVE-2008-3820
    PHP Multiple Vulnerabilities (20081208) PHP contains multiple vulnerabilities when processing malformed PCRE regular expressions, legacy IMAP requests, font files, delimiter arguments, and file names. Successful exploitation of these vulnerabilities could allow safe_mode restrictions to be bypassed, execution of arbitrary code, or could cause denial of service conditions.

    Note: This audit is designed for versions of PHP obtained from PHP.net and may report false findings with vendor specific backports.

    Fix:Upgrade PHP to version 5.2.8 or newer.

    CVE-2008-2829
    CVE-2008-2371
    CVE-2008-3660
    CVE-2008-3659
    CVE-2008-2665
    CVE-2008-3658
    CVE-2008-2666
    Oracle Critical Patch Update CPU-JUL-2009 - WebLogic Oracle has released their quarterly Critical Patch Update (CPU-JUL-2009) announcing multiple vulnerabilities in several Oracle products. Thirty-two vulnerabilities have been identified which could affect confidentiality, integrity, and availability if successfully exploited.

    Note: This audit requires the "Send Server Header" option to be enabled.

    Fix:Oracle Products
    Install the appropriate April 2009 Critical Patch Updates.

    BEA/Oracle WebLogic
    Manually verify that the appropriate patches are installed.

    CVE-2009-1019
    CVE-2009-1986
    CVE-2009-1966
    CVE-2009-1094
    CVE-2009-1963
    CVE-2009-1975
    CVE-2009-1976
    CVE-2009-1968
    CVE-2009-1523
    CVE-2009-0217
    CVE-2009-1974
    CVE-2009-1021
    CVE-2009-1982
    CVE-2009-1983
    CVE-2009-1973
    CVE-2009-1020
    CVE-2009-0987
    CVE-2009-1970
    CVE-2009-1969
    CVE-2009-1980
    CVE-2009-1967
    CVE-2009-1984
    CVE-2009-1015
    FCKeditor CurrentFolder Arbitrary File Upload A vulnerability exists in FCKeditor versions 2.6.4 and prior that could allow remote users to pass directory traversal sequences to the CurrentFolder parameter thereby disclosing the contents of arbitrary directories on the server filesystem and allowing file uploads to arbitrary locations.

    Note: This audit will check common installation directories of FCKeditor (i.e. "/fckeditor/", "/system/fckeditor/", "/", "/editor/"); it can be further customized in Retina to check other installation directories.

    Fix:Update FCKeditor to version 2.6.4.1 or newest release.

    CVE-2009-2265
    IBM WebSphere Application Server Multiple Vulnerabilities (200906) IBM WebSphere Application Server (WAS) contains multiple vulnerabilities that could be exploited to bypass security restrictions or obtain sensitive system information. Other unspecified vulnerabilities exist that have unknown impacts and remote attack vectors.

    Fix:Apply appropriate vendor-supplied patch and/or fix pack.

  • WebSphere Application Server 7.0: Apply Fix Pack 5 or newer, or Interim Fix APAR PK78134.
  • WebSphere Application Server 6.1: Apply Fix Pack 25 or newer, or Interim Fix APAR PK78134.
  • WebSphere Application Server 6.0: Upgrade to 6.0.2.35 or newer.
    CVE-2009-1898
    CVE-2009-0899
    CVE-2009-1899
    CVE-2009-1901
    CVE-2009-1900
    PHP JPEG Exif Data Processing Denial of Service PHP contains a vulnerability in the "exif_read_data()" function when processing JPEG images containing malformed data. Successful exploitation could cause a denial of service condition (i.e. segmentation fault).

    Note: This audit is designed for versions of PHP obtained from PHP.net and may report false findings with vendor specific backports.

    Fix:Upgrade PHP to version 5.2.10 or newer.

    Apache Tomcat Multiple Vulnerabilities (200906) Apache Tomcat contains multiple vulnerabilities when handling specially crafted requests (via parameters, Java AJP connector request headers, URL encoded passwords) that could allow an attacker to obtain potentially sensitive information, cause denial of service conditions, enumerate existing/non-existing usernames, or conduct cross-site scripting attacks. Another vulnerability also exists that allows a web application to change the XML parser responsible for loading application files. This could be leveraged by rogue web applications to read and/or manipulate XML files of other web applications deployed on the Tomcat instance.

    Note: This audit is designed for versions of Tomcat obtained from Tomcat.Apache.org and may report false findings with vendor specific backports.

    Fix:Upgrade Apache Tomcat to versions 6.0.20, 5.5.SVN, or 4.1.SVN, or newest release.

    CVE-2009-0580
    CVE-2009-0783
    CVE-2009-0781
    CVE-2008-5515
    CVE-2009-0033
    BlackBerry Attachment Service PDF Distiller Vulnerabilities (20090527) BlackBerry Enterprise Server and BlackBerry Professional Software contain an unspecified vulnerability in the handling of malformed PDF documents. This vulnerability could enable a malicious individual to send an email message containing a malformed PDF file which, when viewed on a BlackBerry smartphone, could trigger the vulnerability and allow execution of arbitrary code on the server that runs the BlackBerry Attachment Service.

    Fix:Apply appropriate vendor supplied patch or upgrade affected product to the newest available version.

    Microsoft Windows GDI+ Multiple Vulnerabilities (957488) - SQL Reporting 2000 Microsoft Windows GDI+ contains multiple vulnerabilities when processing malformed image files (WMF, PNG, TIFF, BMP), processing malformed Office Art Property tables, and handling crafted .NET GDI+ APIs. Successful exploitation could allow execution of arbitrary code. Any program which processes WMF/PNG/TIFF/BMP images, processes Office Art Property tables, or handles .NET GDI+ APIs may be affected by these vulnerabilities.

    Fix:Install the appropriate patch from Microsoft or through Windows Update.

    CVE-2009-2501
    CVE-2009-2504
    CVE-2009-3126
    CVE-2009-2500
    CVE-2009-2503
    CVE-2009-2528
    CVE-2009-2518
    CVE-2009-2502
    Apache Multiple Vulnerabilities (20091005) Apache contains vulnerabilities within the mod_proxy_ftp module and within Solaris pollset support that could allow remote attackers to bypass security restrictions or cause denial of service conditions.

    Note: This audit is for versions of Apache HTTPd obtained from Apache.org and may report false findings with vendor specific backports.

    Fix:Update to Apache HTTP Server 2.2.14 or newer via Apache.org.

    CVE-2009-3095
    CVE-2009-2699
    CVE-2009-3094
    Cisco IOS CME Buffer Overflow (20090923) - SNMP Cisco IOS contains a buffer overflow vulnerability within the Cisco Unified Communications Manager Express (CME) and the Extension Mobility features when handling malformed packets. Successful exploitation could allow execution of arbitrary code or could cause a denial of service condition.

    Fix:Update Cisco IOS to the appropriate fixed release.

    CVE-2009-2865
    Cisco IOS Authentication Proxy Bypass (20090923) - SNMP Cisco IOS contains a vulnerability within the Authentication Proxy for HTTP(S), Web Authentication, and "Consent" features that could allow an attacker (i.e. with an unauthenticated session) to bypass the authentication proxy server or the consent webpage. Successful exploitation of this vulnerability grants unauthenticated sessions the privileges of an authenticated session.

    Fix:Update Cisco IOS to the appropriate fixed release.

    CVE-2009-2863
    Cisco IOS Object-Group Access Control List Bypass (20090923) - SNMP Cisco IOS contains a vulnerability within the Object Groups for Access Control Lists (ACLs) feature that could allow remote unauthenticated attackers to bypass access control policies.

    Fix:Update Cisco IOS to the appropriate fixed release.

    CVE-2009-2862
    IBM WebSphere Application Server Multiple Vulnerabilities (200909) IBM WebSphere Application Server (WAS) contains multiple vulnerabilities that could be exploited to conduct cross-site scripting attacks or cause denial of service conditions.

    Fix:Apply appropriate vendor-supplied patch and/or fix pack.

  • WebSphere Application Server 6.1: Apply Fix Pack 27 or newer.
    CVE-2009-2742
    CVE-2009-2744
    IBM WebSphere Application Server HTTP HEAD Security Bypass IBM WebSphere Application Server (WAS) contains a vulnerability within the "doGet" and "doTrace" methods when handling specially crafted HTTP HEAD requests. Successful exploitation could allow an attacker to bypass security restrictions and gain access to potentially sensitive information.

    Fix:Apply appropriate vendor-supplied patch and/or fix pack.

  • WebSphere Application Server 6.1: Apply Fix Pack 27 or newer, or Interim Fix APAR PK83258.
  • WebSphere Application Server 6.0: Upgrade to 6.0.2.37 or newer, or Interim Fix APAR PK83258.
    CVE-2009-3106
    PHP Multiple Unspecified Vulnerabilities (20090916) PHP 5.2.10 and prior contain multiple unspecified vulnerabilities due to issues with certificate validation, color indices, and exif data. Although the attack vectors or impact are unknown, attackers may leverage the vulnerabilities to misuse or potentially compromise the affected host.

    Note: This audit is designed for versions of PHP obtained from PHP.net and may report false findings with vendor specific backports.

    Fix:Upgrade PHP to version 5.2.11 or newer.

    CVE-2009-3293
    CVE-2009-3291
    CVE-2009-3292
    Samba Multiple Unspecified Vulnerabilities (Zero-Day) Multiple unspecified vulnerabilities have been identified in Samba that could potentially be exploited to execute arbitrary code or cause the daemon to crash.

    Fix:Although exploits are not publicly available (i.e. for any user to download), the vulnerabilities and their exploitation cannot be completely ruled out. The best form of mitigation is to disable the Samba service if it is not needed. Alternatively, it may be possible to minimize potential exploitation by restricting access to the system to trusted networks only.

    Cisco Firewall Services Module Detected Via SNMP Retina has detected a Cisco Firewall Services Module on the targeted device. This module is historically known to contain vulnerabilities on certain devices (e.g. Catalyst 6500 Series Switches, 7600 Series Routers) that could allow remote attackers to bypass security restrictions or trigger denial of service conditions.

    Fix:Ensure that the module is upgraded to the newest available version.

    CVE-2007-5584
    CVE-2007-5571
    CVE-2005-1517
    CVE-2007-0967
    CVE-2007-5570
    CVE-2007-0966
    CVE-2007-0963
    CVE-2003-1001
    CVE-2007-0968
    CVE-2007-5568
    CVE-2009-0638
    CVE-2003-1002
    CVE-2006-4312
    Apache Multiple Vulnerabilities (20090727) Apache contains a vulnerability that could allow local attackers to gain elevated privileges via a crafted SHTML file. Other vulnerabilities exist within various modules (i.e. mod_proxy, mod_proxy_ajp, mod_deflate) and modules depending on the Apache APR-util (e.g. mod_apreq2, mod_dav, mod_dav_svn) that could cause excessive consumption of memory or CPU resources, cause the daemon to crash, or disclose potentially sensitive information.

    Note: This audit is for versions of Apache HTTPd obtained from Apache.org and may report false findings with vendor specific backports.

    Fix:Update to Apache HTTP Server 2.2.12 or newer via Apache.org.

    CVE-2009-1955
    CVE-2009-1191
    CVE-2009-1891
    CVE-2009-0023
    CVE-2009-1956
    CVE-2009-1195
    CVE-2009-1890
    HTTP Basic Access Authentication Credentials - :root Retina has detected the targeted host as using weak or common HTTP basic authentication credentials. An attacker can use these credentials to gain access or make modifications to specific information stored on the host, such as security settings and preferences, which could result in the compromise of the overall confidentiality and integrity of the host.

    Fix:Change the username and/or password. Manually ensure all settings have not been tampered with.

    Note: The audit identifier indicates the weak or common credentials that were detected (formatted as "username:password"). For example, ":admin" indicates no username with a password of "admin".

    HTTP Basic Access Authentication Credentials - root: Retina has detected the targeted host as using weak or common HTTP basic authentication credentials. An attacker can use these credentials to gain access or make modifications to specific information stored on the host, such as security settings and preferences, which could result in the compromise of the overall confidentiality and integrity of the host.

    Fix:Change the username and/or password. Manually ensure all settings have not been tampered with.

    Note: The audit identifier indicates the weak or common credentials that were detected (formatted as "username:password"). For example, ":admin" indicates no username with a password of "admin".

    HTTP Basic Access Authentication Credentials - root:root Retina has detected the targeted host as using weak or common HTTP basic authentication credentials. An attacker can use these credentials to gain access or make modifications to specific information stored on the host, such as security settings and preferences, which could result in the compromise of the overall confidentiality and integrity of the host.

    Fix:Change the username and/or password. Manually ensure all settings have not been tampered with.

    Note: The audit identifier indicates the weak or common credentials that were detected (formatted as "username:password"). For example, ":admin" indicates no username with a password of "admin".

    HTTP Basic Access Authentication Credentials - :admin Retina has detected the targeted host as using weak or common HTTP basic authentication credentials. An attacker can use these credentials to gain access or make modifications to specific information stored on the host, such as security settings and preferences, which could result in the compromise of the overall confidentiality and integrity of the host.

    Fix:Change the username and/or password. Manually ensure all settings have not been tampered with.

    Note: The audit identifier indicates the weak or common credentials that were detected (formatted as "username:password"). For example, ":admin" indicates no username with a password of "admin".

    HTTP Basic Access Authentication Credentials - admin: Retina has detected the targeted host as using weak or common HTTP basic authentication credentials. An attacker can use these credentials to gain access or make modifications to specific information stored on the host, such as security settings and preferences, which could result in the compromise of the overall confidentiality and integrity of the host.

    Fix:Change the username and/or password. Manually ensure all settings have not been tampered with.

    Note: The audit identifier indicates the weak or common credentials that were detected (formatted as "username:password"). For example, ":admin" indicates no username with a password of "admin".

    HTTP Basic Access Authentication Credentials - admin:password Retina has detected the targeted host as using weak or common HTTP basic authentication credentials. An attacker can use these credentials to gain access or make modifications to specific information stored on the host, such as security settings and preferences, which could result in the compromise of the overall confidentiality and integrity of the host.

    Fix:Change the username and/or password. Manually ensure all settings have not been tampered with.

    Note: The audit identifier indicates the weak or common credentials that were detected (formatted as "username:password"). For example, ":admin" indicates no username with a password of "admin".

    HTTP Basic Access Authentication Credentials - admin:admin Retina has detected the targeted host as using weak or common HTTP basic authentication credentials. An attacker can use these credentials to gain access or make modifications to specific information stored on the host, such as security settings and preferences, which could result in the compromise of the overall confidentiality and integrity of the host.

    Fix:Change the username and/or password. Manually ensure all settings have not been tampered with.

    Note: The audit identifier indicates the weak or common credentials that were detected (formatted as "username:password"). For example, ":admin" indicates no username with a password of "admin".

    Cisco ASA Clientless WebVPN Multiple Vulnerabilities Cisco ASA Adaptive Security Appliance Clientless SSL VPN (WebVPN) contains multiple vulnerabilities that could allow a remote attacker to inject arbitrary script or HTML code into the VPN session, and/or obtain authentication credentials by convincing a user to visit a malicious FTP or CIFS site.

    Note: This audit requires the target device to be configured with SNMP.

    Fix:Update to the appropriate fixed release.

    CVE-2009-1201
    CVE-2009-1203
    CVE-2009-1202
    Sun Java System Communications Express Cross-Site Scripting Sun Java System Communications Express contains multiple vulnerabilities that could allow an anonymous attacker to conduct cross-site scripting attacks in the context of the affected site.

    Fix:Apply appropriate Sun-supplied patch.

    CVE-2009-1729